162 matches found
PT-2026-44990
3/ On the vuln side: FreeSWITCH 1.11.0/1.11.1 fix an unauthenticated SIP PUBLISH DoS CVE-2026-45771 and more; OpenSIPS shipped 12 advisories / 8 CVEs 3 critical; coturn and Janus got security updates too...
[SECURITY] Fedora 42 Update: opensips-3.5.9-2.fc42
OpenSIPS or Open SIP Server is a very fast and flexible SIP RFC3261 proxy server. Written entirely in C, opensips can handle thousands calls per second even on low-budget hardware. A C Shell like scripting language provides full control over the server's behaviour. It's modular architecture allow...
Fedora 42 : opensips (2026-1a199d8524)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1a199d8524 advisory. Fix CVE-2026-25554 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
Fedora: Security Advisory (FEDORA-2026-1a199d8524)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2026-25554
A flaw was found in OpenSIPS. The authjwt module, when configured with dbmode and a SQL database backend, contains a SQL injection vulnerability in the jwtdbauthorize function. This function extracts the tag claim from a JSON Web Token JWT without verifying its signature and directly incorporates...
EUVD-2026-8694
OpenSIPS versions 3.1 before 3.6.4 containing the authjwt module prior to commit 3822d33 contain a SQL injection vulnerability in the jwtdbauthorize function in modules/authjwt/authorize.c when dbmode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT...
CVE-2026-25554
OpenSIPS versions 3.1 before 3.6.4 containing the authjwt module prior to commit 3822d33 contain a SQL injection vulnerability in the jwtdbauthorize function in modules/authjwt/authorize.c when dbmode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT...
CVE-2026-25554
OpenSIPS versions 3.1 before 3.6.4 containing the authjwt module prior to commit 3822d33 contain a SQL injection vulnerability in the jwtdbauthorize function in modules/authjwt/authorize.c when dbmode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT...
CVE-2026-25554 OpenSIPS 3.1 <= 3.6.4 auth_jwt SQL Injection Enables JWT Authentication Bypass
OpenSIPS versions 3.1 before 3.6.4 containing the authjwt module prior to commit 3822d33 contain a SQL injection vulnerability in the jwtdbauthorize function in modules/authjwt/authorize.c when dbmode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT...
CVE-2026-25554
OpenSIPS 3.1 (up to 3.6.4) with the auth_jwt module is affected by a SQL injection in jwt_db_authorize() when db_mode is enabled and a SQL backend is used. The function extracts the tag claim from a JWT without signature verification and directly inserts the unescaped value into a SQL query, enab...
CVE-2026-25554 OpenSIPS 3.1 <= 3.6.4 auth_jwt SQL Injection Enables JWT Authentication Bypass
OpenSIPS versions 3.1 before 3.6.4 containing the authjwt module prior to commit 3822d33 contain a SQL injection vulnerability in the jwtdbauthorize function in modules/authjwt/authorize.c when dbmode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT...
CVE-2026-25554
OpenSIPS versions 3.1 before 3.6.4 containing the authjwt module prior to commit 3822d33 contain a SQL injection vulnerability in the jwtdbauthorize function in modules/authjwt/authorize.c when dbmode is enabled and a SQL database backend is used. The function extracts the tag claim from a JWT...
OpenSIPS SQL注入漏洞
OpenSIPS is an SIP server implementation licensed under the GPL for individual OpenSIPS developers. Versions of OpenSIPS prior to 3.6.4 contained a SQL injection vulnerability. This vulnerability stems from the jwtdbauthorize function in the authjwt module, which allows for SQL injections,...
PT-2026-21965
Name of the Vulnerable Software and Affected Versions OpenSIPS versions 3.1 through 3.6.3 Description The software contains a SQL injection issue within the jwt db authorize function in the auth jwt module when a SQL database backend is used and db mode is enabled. The function incorporates a tag...
EUVD-2013-3655
Malware in sbrugna...
EUVD-2023-31824
Malicious code in bioql PyPI...
EUVD-2023-31820
Malicious code in bioql PyPI...
EUVD-2023-31335
Malicious code in bioql PyPI...
EUVD-2023-31340
Malicious code in bioql PyPI...
EUVD-2023-31823
Malicious code in bioql PyPI...