Lucene search
+L

365 matches found

Cvelist
Cvelist
added 2026/07/08 9:39 p.m.34 views

CVE-2026-5922 Poly Voice – Potential Unauthorized Modification of WebUI using XSS Attack

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS0.00234EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 9:39 p.m.20 views

CVE-2026-5922

CVE-2026-5922 affects Poly Voice IP phones; a vulnerability exists where malicious input stored in configuration parameters is rendered in the WebUI, enabling cross-site scripting (XSS) and potentially allowing unauthorized modification of the WebUI. Root cause appears to be input stored in confi...

5.9CVSS5.9AI score0.00234EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 9:29 p.m.13 views

CVE-2026-5923

CVE-2026-5923 affects Poly Voice IP phones’ WebUI. A stolen cookie may enable CSRF to modify the WebUI contents. Impact: integrity and availability High; confidentiality Low. Exploitation status and fixes are not detailed in the provided documents; no patch/version info is given.

6CVSS5.9AI score0.00139EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/08 9:29 p.m.34 views

CVE-2026-5923 Poly Voice – Potential Unauthorized Modification of WebUI using CSRF Attack

Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage...

6CVSS0.00139EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 3:17 p.m.11 views

CVE-2026-2891

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...

8.2CVSS0.00253EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:8 p.m.7 views

CVE-2026-2891

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...

8.2CVSS5.8AI score0.00253EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 2:8 p.m.19 views

CVE-2026-2891

The CVE-2026-2891 entry concerns Poly Voice IP devices (CCX, Trio, Edge E) and describes a potential DoS if these devices connect to a malicious SIP server sending malformed data. Affected components are the Poly Voice devices themselves; the root cause is triggered by malformed SIP input from a ...

8.2CVSS5.8AI score0.00253EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 2:8 p.m.10 views

EUVD-2026-41005

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...

8.2CVSS5.8AI score0.00253EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 6:4 a.m.8 views

Malicious code in poly-kelly (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d3df5266b6e9d9347844e4e054ab744aad9517c6f55df4e68e6c6815e843da7 On npm install, the package's postinstall script reads the homepage field from package.json set to...

5.9AI score
Exploits0References5
Hewlett-Packard
Hewlett-Packard
added 2026/06/24 12:0 a.m.6 views

Poly Video Codec - Qualcomm KGSL GPU Driver Update

The Qualcomm Graphics Processing Unit GPU is responsible for rendering graphics, such as images, videos, and text messages on Poly Studio X32, X52, X72, and G62. A memory-corruption vulnerability in the Kernel Graphics Support Layer KGSL GPU driver might allow an attacker to gain access to...

7.8CVSS7.5AI score0.01068EPSS
Exploits3Affected Software4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 12:15 p.m.10 views

Malicious code in poly-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5aab464aac47233efb564c52d5818fef783efa856f8318c61d61ef99ca0da4e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/23 12:15 p.m.14 views

MAL-2026-6287 Malicious code in poly-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5aab464aac47233efb564c52d5818fef783efa856f8318c61d61ef99ca0da4e The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
Metasploit
Metasploit
added 2026/06/18 7:1 p.m.184 views

HP Poly Voice Unauthenticated Remote Code Execution

CVE-2026-0826 is a critical unauthenticated stack-based buffer overflow vulnerability affecting all models in the VVX series VVX 150, VVX 250, VVX 350, and VVX 450, as well as three models from the Trio IP Conference series Trio 8800, Trio 8500, and Trio 8300. A remote attacker can leverage...

9.2CVSS6.9AI score0.24469EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.9 views

CVE-2026-0826

In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...

9.2CVSS6.6AI score0.24469EPSS
Exploits3References1
NVD
NVD
added 2026/06/01 3:16 p.m.16 views

CVE-2026-0826

In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...

9.2CVSS0.24469EPSS
Exploits3References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 2:55 p.m.10 views

CVE-2026-0826

In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...

9.2CVSS6.6AI score0.24469EPSS
Exploits3References3
Vulnrichment
Vulnrichment
added 2026/06/01 2:55 p.m.11 views

CVE-2026-0826 Poly Voice – Possible Remote Control of Certain Poly Devices

In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...

9.2CVSS6.6AI score0.24469EPSS
Exploits3References1
Cvelist
Cvelist
added 2026/06/01 2:55 p.m.47 views

CVE-2026-0826 Poly Voice – Possible Remote Control of Certain Poly Devices

In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...

9.2CVSS0.24469EPSS
Exploits3References1
EUVD
EUVD
added 2026/06/01 2:55 p.m.18 views

EUVD-2026-33658

In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...

9.2CVSS6.6AI score0.24469EPSS
Exploits3References1
CVE
CVE
added 2026/06/01 2:55 p.m.53 views

CVE-2026-0826

In CVE-2026-0826, the issue is a stack-based buffer overflow in the Poly Voice device parser for ICE SDP attributes. When ICE is enabled, parsing the a=candidate: line copies input into a 256-byte stack buffer without length checks, enabling crafted SDP to overflow and achieve unauthenticated rem...

9.2CVSS6.6AI score0.24469EPSS
Exploits3References1
Rows per page
Query Builder