CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)

Overview Rapid7 Labs conducted a zero-day research project against an HP Poly VVX 450 Voice over Internet Protocol VoIP phone. This research resulted in the discovery of a critical unauthenticated stack-based buffer overflow vulnerability, CVE-2026-0826. A remote attacker can leverage CVE-2026-08...

CVE-2026-0826: How an Old Bug Can Feed AI-Powered Impersonation

One of the more persistent myths in security is that old bug classes become old problems. They don’t. They just show up in different places, under different conditions, and usually at the exact moment we’ve convinced ourselves not to pay attention to them. That’s part of what makes enterprise voi...

FFmpeg <= 8.0.1 Multiple Vulnerabilities

The version of FFmpeg installed on the remote host is 8.0.1 or earlier. It is, therefore, affected by multiple vulnerabilities: - An out-of-bounds read in the readglobalparam function libavcodec/av1dec.c of FFmpeg v8.0.1 allows attackers to cause a Denial of Service DoS via a crafted input...

RHEL 10 : delve (RHSA-2026:3864)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3864 advisory. Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go...

CVE-2026-1633

The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device...

CVE-2026-1633

CVE-2026-1633 concerns the Synectix LAN 232 TRIO 3-Port serial-to-Ethernet adapter, where the web management interface is exposed without authentication. This allows unauthenticated users to modify critical device settings or perform a factory reset, per multiple sources. The reported impact incl...

CVE-2023-4468

A vulnerability was found in Poly Trio 8500, Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical...

CVE-2023-4467

A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been...

[SECURITY] Fedora 42 Update: python-starlette-0.47.3-2.fc42

Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: =E2=80=A2 A lightweight, low-complexity HTTP web framework. =E2=80=A2 WebSocket support. =E2=80=A2 In-process background tasks. =E2=80=...

EUVD-2014-6267

Malware in sbrugna...

EUVD-2013-2721

Malware in sbrugna...

EUVD-2018-6817

Malware in sbrugna...

EUVD-2018-9617

Malware in sbrugna...

EUVD-2015-7648

Malware in sbrugna...

EUVD-2018-6816

Malware in sbrugna...

EUVD-2008-3404

Malware in sbrugna...

CVE-2025-61197

An issue in Orban Optimod 5950, Optimod 5950HD, Optimod 5750, Optimod 5750HD, Optimod Trio Optimod version 1.0.0.33 - System version 2.5.26 allows a remote attacker to escalate privileges via the application stores user privilege/role information in client-side browser storage...

CVE-2025-61198

A stored cross-site scripting XSS vulnerability in Optimod 5950 - Optimod 5950HD - Optimod 5750 - Optimod 5750HD - Optimod Trio - Optimod version 1.0.0.33 - System version 2.5.26, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payloa...

Orban多款产品 安全漏洞

Orban Optimod 5950 and others are a broadcast audio processor from Orban USA. A security vulnerability exists in various Orban products that stems from a malicious payload in logs that is not handled correctly, which could lead to a stored cross-site scripting attack. The following products and...

Orban多款产品 安全漏洞

Orban Optimod 5950 and others are a broadcast audio processor from Orban USA. A security vulnerability exists in various Orban products that stems from an application storing user privilege or role information in the client browser storage, which could lead to elevated privileges. The following...