Lucene search
K

2727 matches found

NVD
NVD
added yesterday3 views

CVE-2026-50669

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Telephony Service allows an authorized attacker to elevate privileges locally...

7CVSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-50669

CVE-2026-50669 is a Windows Telephony Service local privilege-escalation vulnerability caused by concurrent execution over a shared resource without proper synchronization (race condition). The description and connected sources confirm impact as elevation of privileges to local attackers with low...

7CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added yesterday30 views

CVE-2026-50669 Windows Telephony Server Elevation of Privilege Vulnerability

...

7CVSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added yesterday5 views

Windows Telephony Server Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Telephony Service allows an authorized attacker to elevate privileges locally...

7CVSS6.2AI score
Exploits0
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-54695 Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. Prior to 1.4.0, the pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without authentication, reads an attacker-supplied callSid...

7.5CVSS0.00343EPSS
Exploits1References5
CVE
CVE
added 6 days ago17 views

CVE-2026-54695

CVE-2026-54695 - Pipecat Telephony WebSocket /ws Unauthenticated Call-Control Abuse Pipecat prior to v1.4.0 registers a /ws WebSocket endpoint for telephony testing that accepts connections without authentication. An attacker can send a crafted handshake containing a caller-supplied callSid, whic...

7.5CVSS6AI score0.00343EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/07/01 4:17 a.m.7 views

CVE-2026-20462

In Telephony, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS11006447; Issue ID: MSV-7871...

6.7CVSS0.00111EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 3:14 a.m.8 views

EUVD-2026-40875

In Telephony, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS11006447; Issue ID: MSV-7871...

6.7CVSS6.1AI score0.00111EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 3:14 a.m.37 views

CVE-2026-20462

In Telephony, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS11006447; Issue ID: MSV-7871...

0.00111EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 3:14 a.m.24 views

CVE-2026-20462

Technical details about CVE-2026-20462 are not publicly available in the provided documents. Monitor for updates from vendors and security bulletins to obtain affected components, impact, and remediation specifics.

6.7CVSS6.1AI score0.00111EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/18 3:5 p.m.6 views

Missing Authorization

Overview pipecat-ai is an An open source framework for voice and multimodal assistants Affected versions of this package are vulnerable to Missing Authorization via the telephony WebSocket /ws and plain WebSocket /ws-client endpoints, which accepts attacker-controlled handshake messages containin...

8.7CVSS5.8AI score0.00343EPSS
Exploits1References2
OSV
OSV
added 2026/06/18 3:5 p.m.7 views

GHSA-J8CV-X86Q-RJ85 Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID

Development Runner Telephony WebSocket /ws Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID Summary The pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without any authentication. An unauthenticated remote attacker who...

7.5CVSS5.7AI score0.00343EPSS
Exploits1References3
NVD
NVD
added 2026/06/17 10:54 a.m.10 views

CVE-2026-46949

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

9.1CVSS0.00405EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:54 a.m.11 views

CVE-2026-46947

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

8.8CVSS0.00402EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:54 a.m.11 views

CVE-2026-46950

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

8.8CVSS0.00402EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.24 views

PT-2026-50049

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

9.1CVSS5.1AI score0.00405EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.21 views

PT-2026-50048

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

8.8CVSS5.3AI score0.00402EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.23 views

PT-2026-50050

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

8.8CVSS5.3AI score0.00402EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/15 4:45 a.m.43 views

CVE-2026-12220 Yealink SIP-T46U Firmware Chunk Upload handler accupgradebychunk mod_upgrade.SparePartsUpload stack-based overflow

A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function modupgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack...

8.6CVSS0.00371EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.22 views

Oracle E-Business Suite (April 2026 CPU)

The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite component: Setup and Administration. Supported...

9.8CVSS6.3AI score0.01916EPSS
Exploits7References21
Rows per page
Query Builder