CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added yesterday•2 views

CVE-2026-3655

The OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass in versions 1.8.50 through 1.8.60. This is due to the Firebase verification flow in the lwpajaxregister AJAX handler not binding the Firebase session to the phone number supplied in the...

9.8CVSS5.5AI score0.00314EPSS

RedhatCVE•added yesterday•3 views

CVE-2026-40591

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the phone-conversation creation flow accepts attacker-controlled customerid, name, toemail, and phone values and resolves the target customer in the backend without enforcing mailbox-scoped customer visibility...

7.1CVSS5.5AI score0.00032EPSS

Malwarebytes•added 3 days ago•7 views

Keep getting calls from questionable numbers? Meet Scam Number Check

Have you ever gotten a phone call and had a gut feeling that those random digits looked extra suspicious? It happens to millions of people every day. While many people have trained themselves to ignore such calls, they still pose a threat across the US. In fact, scammers stole more than $21 billi...

5.8AI score

Exploits0

Wired Threat Level•added 4 days ago•14 views

Android Is Fighting Phone Scams With a New Feature to Prove Who’s Calling

Available for Android 12 and later, the anti-scam feature is baked into Google Dialer, which sends a silent “confirmation signal” to ensure whoever’s calling you is who they appear to be...

5.8AI score

Exploits0

RedhatCVE•added 4 days ago•10 views

CVE-2026-10170

A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone0.php. This manipulation of the argument phone causes sql injection. The attack may be initiated remotely. The exploit has been published and may be...

6.5CVSS5.7AI score0.00028EPSS

Rapid7 Blog•added 5 days ago•20 views

CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)

Overview Rapid7 Labs conducted a zero-day research project against an HP Poly VVX 450 Voice over Internet Protocol VoIP phone. This research resulted in the discovery of a critical unauthenticated stack-based buffer overflow vulnerability, CVE-2026-0826. A remote attacker can leverage CVE-2026-08...

9.2CVSS7.1AI score0.00212EPSS

Exploits0

Nuclei•added 5 days ago•20 views

Pascom CPS Server-Side Request Forgery

Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability. id: CVE-2021-45967 info: name: Pascom CPS Server-Side Request Forgery author: dwisiswant0 severity: critical description: Pascom versions before 7.20 packaged with Cloud Phone...

9.8CVSS7.3AI score0.92618EPSS

Exploits1References5

NVD•added 6 days ago•12 views

CVE-2026-10170

6.5CVSS0.00028EPSS

Vulnrichment•added 6 days ago•4 views

CVE-2026-10170 code-projects Visitor Management System phone_0.php sql injection

6.5CVSS6.5AI score0.00028EPSS

EUVD•added 6 days ago•8 views

EUVD-2026-33490

6.5CVSS6.5AI score0.00028EPSS

ATTACKERKB•added 6 days ago•7 views

CVE-2026-10170

6.5CVSS5.7AI score0.00028EPSS

Exploits0References5Affected Software1

Cvelist•added 6 days ago•27 views

CVE-2026-10170 code-projects Visitor Management System phone_0.php sql injection

6.5CVSS0.00028EPSS

Positive Technologies•added 6 days ago•6 views

PT-2026-45173

A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone 0.php. This manipulation of the argument phone causes sql injection. The attack may be initiated remotely. The exploit has been published and may b...

6.5CVSS6.5AI score0.00028EPSS

Patchstack•added 2026/05/29 9:24 a.m.•12 views

WordPress OTP Login With Phone Number, OTP Verification plugin 1.8.50-1.8.60 - Unauthenticated Authentication Bypass vulnerability

Unauthenticated Authentication Bypass vulnerability discovered by luckybuddy in WordPress Plugin Login with phone number versions 1.8.50-1.8.60...

Exploits0References1Affected Software1

NVD•added 2026/05/29 8:16 a.m.•10 views

CVE-2026-3655

9.8CVSS0.00314EPSS

ATTACKERKB•added 2026/05/29 6:43 a.m.•8 views

CVE-2026-3655

Exploits0References7Affected Software1

Cvelist•added 2026/05/29 6:43 a.m.•28 views

CVE-2026-3655 OTP Login With Phone Number, OTP Verification <= 1.8.60 - Unauthenticated Authentication Bypass via Firebase OTP Verification

9.8CVSS0.00314EPSS

CVE•added 2026/05/29 6:43 a.m.•17 views

CVE-2026-3655

The CVE-2026-3655 entry describes an authentication bypass in the WordPress plugin “OTP Login With Phone Number, OTP Verification” versions 1.8.50–1.8.60. The root cause is a Firebase verification flow in the lwp_ajax_register AJAX handler that does not bind the Firebase session to the submitted ...

EUVD•added 2026/05/29 6:43 a.m.•6 views

EUVD-2026-33255