FreeBPX < 16.0.44 Authentication Bypass

According to its self-reported version number, the FreePBOX application running on the remote host is prior to 16.0.44 or 17.x prior to 17.0.23. It is, therefore, affected by an authentication bypass when providing an Authorization header with an arbitrary value, a session is associated with the...

FreeBPX 17.0.x < 17.0.23 Authentication Bypass

According to its self-reported version number, the FreePBOX application running on the remote host is prior to 16.0.44 or 17.x prior to 17.0.23. It is, therefore, affected by an authentication bypass when providing an Authorization header with an arbitrary value, a session is associated with the...

CVE-2025-66039 FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target us...

Visual Studio 2022 version 17.0.23 update

This security update applies to all editions of Visual Studio 2022, and will update client machines on the LTSC channel to version 17.0.23. The client machines must be enabled to receive this administrator update, and by default Visual Studio must be closed on the client in order for the update t...