CVE-2026-46376

FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel UCP using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP...

CVE-2026-46376 FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface

FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel UCP using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP...

CVE-2026-46376

FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel UCP using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP...

EUVD-2026-33295

FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel UCP using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP...

CVE-2026-46376 FreePBX: Unauthenticated Use of Hard-Coded Credentials Vulnerability in FreePBX UCP Interface

FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel UCP using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP...

CVE-2026-46376

FreePBX UCP vulnerability (CVE-2026-46376): from 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may access the User Control Panel via hard-coded initial template credentials if not changed by the admin. Post-exploitation requires only no admin steps beyond initial UCP setup; authenti...

FreePBX 信任管理问题漏洞

FreePBX is a set of tools from the FreePBX project that allow configuration of Asterisk an IP telephony system through a GUI graphical web-based interface. Versions of FreePBX prior to 15.0.42, 16.0.45, and 17.0.7 contained a trust management vulnerability. This vulnerability stemmed from the...

PosCube QR Menu 安全漏洞

PosCube QR Menu is a QR code electronic menu and ordering management system for the catering industry developed by the Turkish company PosCube. The versions of PosCube QR Menu dated back to May 21052026 and earlier contained a security vulnerability. This vulnerability stemmed from an authorizati...

ABIS BAPSİS 安全漏洞

ABIS BAPSİS is a research information system developed by the Turkish company ABIS, aimed at university research projects, academic budgets, and administrative processes management. Previous versions of ABIS BAPSİS, such as v.202604152042, contained security vulnerabilities. These vulnerabilities...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: max9759: fix underflow in speakergaincontrolput Check for negative values of "priv-gain" to prevent an out of bounds access. The concern is that these might come from the user via: - sndctlelemwriteuser - sndctlelemwrite -...

MeWare PDKS 安全漏洞

MeWare PDKS is a personnel management system for enterprise attendance and access control developed by the Turkish company MeWare. Versions of MeWare PDKS from V16.20200313 to VMYR3.5.2025117 contained security vulnerabilities. These vulnerabilities stemmed from bypassing authorization using user...

IBM Langflow Desktop 安全漏洞

IBM Langflow Desktop is a desktop application for AI process orchestration developed by IBM. Versions 1.0.0 to 1.8.4 of IBM Langflow Desktop contain security vulnerabilities. These vulnerabilities stem from indirect object references using user control keys, which may allow unauthenticated users ...

Universal FlexCity/Kiosk 安全漏洞

Universal FlexCity/Kiosk is a smart city self-service terminal system developed by the Turkish company Universal. Versions of Universal FlexCity/Kiosk from 1.0 to 1.0.36 contained security vulnerabilities. These vulnerabilities stemmed from bypassing authorization using user control keys,...

Farktor E-Commerce Package 安全漏洞

Farktor E-Commerce Package is an e-commerce platform developed by the Turkish company Farktor. The Farktor E-Commerce Package versions 27112025 and earlier have a security vulnerability. This vulnerability stems from bypassing authorization through the user control key, which may lead to...

TemizlikYolda 安全漏洞

TemizlikYolda is an online domestic service booking platform operated by the Turkish company TemizlikYolda. Versions of TemizlikYolda prior to 11022026 contained security vulnerabilities. These vulnerabilities stemmed from bypassing authorization through user control keys, potentially allowing...

CVE-2023-29586

Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. NOTE: the Supplier disputes this because only admin users can...

WordPress plugin Woffice Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress plugin Five Star Restaurant Reservations 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress plugin Master Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...

WordPress plugin MyD Delivery 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...