Pascom CPS Server-Side Request Forgery

Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability. id: CVE-2021-45967 info: name: Pascom CPS Server-Side Request Forgery author: dwisiswant0 severity: critical description: Pascom versions before 7.20 packaged with Cloud Phone...

CVE-2026-7166

Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on...

EUVD-2026-38236

Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on...

CVE-2026-7166 Multiple vulnerabilities in the Assassin game by Gaudire

Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on...

CVE-2026-7166

CVE-2026-7166 affects the Assassin game by Gaudire. The API and local database expose sensitive data via the email and telefon fields, including data on minors and municipal users. This unauthenticated remote access could compromise confidentiality (CVSS 4.0 base 9.2, HIGH impact). No exploit or ...

Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap

Apple has patched a Bluetooth flaw in Beats Studio Buds that could potentially turn your earbuds into a nearby wiretap. When you buy a pair of Bluetooth earbuds, you expect them to play your music and your calls—not someone else’s. But a vulnerability in Apple’s Beats Studio Buds shows how that...

Astra Linux – Vulnerability in Zabbix

Zabbix allows for the configuration of SMS notifications. AT command injection occurs on the “Zabbix Server” because there is no validation of the “Number” field either on the web interface or on the Zabbix server side. An attacker can send specially crafted phone numbers via SMS and execute...

EUVD-2026-37864

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. This is due to insufficient authorization and missing per-calendar ownership checks in the cpabcappointmentscalendarload2 function, which is reachable vi...

CVE-2026-28615

In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0057

In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0063

In setAllowedCarriers of PhoneInterfaceManager.java, there is a possible way to disable carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0063

In setAllowedCarriers of PhoneInterfaceManager.java, there is a possible way to disable carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0057

CVE-2026-0057 affects the Android Contacts Provider. A missing permission check can allow an attacker to read an incoming call’s phone number and related metadata, enabling local information disclosure without extra execution privileges, and exploitation does not require user interaction. The iss...

PT-2026-50229

Name of the Vulnerable Software and Affected Versions Android versions prior to June 2026 Description A logic error in the setAllowedCarriers function within PhoneInterfaceManager.java allows for the disabling of carrier restrictions. This flaw can lead to local escalation of privilege without...

The FCC Wants to Eliminate Burner Phones

A proposed FCC rule would kill burner phones: phones whose accounts are not attached to a particular person. The FCC plans to do this by legally forcing the country's telecoms to store a wealth of personal information about essentially all phone customers, including a government issued...

CVE-2026-12223

A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function modwebd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack need...

CVE-2026-12218

A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local...

CVE-2026-12223

The CVE affects Yealink SIP-T46U with firmware 108.86.0.118, specifically the Web FastCGI Service component. The vulnerability lies in the mod_webd.TFTPUploadIperf function within /api/inner/tftpuploadiperf, where manipulating the ip/port argument leads to command injection. Exploitation is descr...

CVE-2026-12222 Yealink SIP-T46U Web FastCGI Service bttest mod_webd.BlueToothTest stack-based overflow

A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function modwebd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs...

CVE-2026-12220

A vulnerability exists in Yealink SIP-T46U firmware 108.86.0.118 affecting the mod_upgrade.SparePartsUpload handler in /api/upgrade/accupgradebychunk. Manipulating the uid argument can cause a stack-based buffer overflow. Exploitation is described as local-network only, with public disclosure and...