CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

687 matches found

Issabel Authenticated - Remote Code Execution

A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asteriskcli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated...

9.8CVSS5.5AI score0.80633EPSS

Exploits2References5

Nuclei•added yesterday•28 views

Issabel PBX 4.0.0-6 - Directory Listing

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory id: CVE-2023-37599 info: name: Issabel PBX 4.0.0-6 - Directory Listing author: ritikchaddha severity: high description: | An issue in issabel-pbx v.4.0.0-6 allows a remote attacker...

7.5CVSS7.2AI score0.85615EPSS

Exploits1References2

Vulnrichment•added last week•10 views

CVE-2026-44238 FreePBX: Authenticated SQL Injection via ORDER BY in CDR Reports

FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges ar...

8.5CVSS5.8AI score0.00058EPSS

Exploits0References1

Rapid7 Blog•added 2026/03/20 8:3 p.m.•8 views

Metasploit Wrap-Up 03/20/2026

♫ I Just Called ♫ To Say ♫ 7f45 4c46 0201 0100 0000 0000 0000 0000 0300 3e00 0100♫ This release contains 2 new exploit modules, 2 enhancements, and 7 bug fixes. Community contributor Chocapikk submitted both exploit modules this release: one targeting AVideo-Encoder’s getImage.php file and anothe...

9.8CVSS7.6AI score0.75413EPSS

Exploits6

EUVD•added 2026/03/05 6:22 p.m.•3 views

EUVD-2026-9856

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech TTS engine in the recordings module. This issue has been patched in versions 16.0.20...

7.5CVSS5.8AI score0.00159EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:49 a.m.•3 views

CVE-2009-4038

Multiple cross-site scripting XSS vulnerabilities in NCH Software Axon Virtual PBX 2.10 and 2.11 allow remote attackers to inject arbitrary web script or HTML via the 1 onok or 2 oncancel parameter to the logon program. NOTE: the provenance of this information is unknown; the details are obtained...

4.3CVSS5.8AI score0.00318EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:8 a.m.•5 views

CVE-2019-20032

An attacker with access to an InMail voicemail box equipped with the find me/follow me feature on Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices, may access the system's administration modem...

6.5CVSS6.9AI score0.00203EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:14 a.m.•4 views

CVE-2022-42306

An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbxexchange during registration and cause a NULL pointer exception, effectively crashing the pbxexchange process...

6.5CVSS5.6AI score0.00018EPSS

Exploits0References1