HP Poly Voice Unauthenticated Remote Code Execution

CVE-2026-0826 is a critical unauthenticated stack-based buffer overflow vulnerability affecting all models in the VVX series VVX 150, VVX 250, VVX 350, and VVX 450, as well as three models from the Trio IP Conference series Trio 8800, Trio 8500, and Trio 8300. A remote attacker can leverage...

Dynamics 365 Customer Voice Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network...

Mitel MiCollab - Information Disclosure & Denial of Service

Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 contain a vulnerability in the TP-240 component caused by improper handling, letting remote attackers obtain sensitive information and cause denial of service, exploit requires remote access. id: CVE-2022-26143 info: name:...

Americans lost nearly $900 million to AI-powered scams, FBI says

The 2025 Federal Bureau of Investigation FBI Internet Crime Report shows that Americans reported $893,346,472 in AI‑related scam losses. Those losses stem from 22,364 AI-related complaints. And these figures represent only the reported losses, which may well be the proverbial tip of the iceberg...

New Pink Extortion Group Targets Microsoft 365 Cloud Data Via Vishing Scams

Cybersecurity researchers are warning businesses about Pink Extortion Group, a threat actor that uses voice phishing to bypass multi-factor authentication and steal files from cloud environments...

CVE-2026-0826

In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android

A single poisoned notification from WhatsApp, Slack, SMS, Signal, Instagram, or Messenger could have hijacked Google Gemini's voice assistant on Android and made it open a victim's connected windows, fake a message from their boss, push the phone into a Zoom call, or quietly poison its long-term...

CVE-2026-10629

SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...

@activepieces/piece-vapi (>=0.0.1 <=0.0.2), @keyman500/voice-ai-sdk (>=0.1.0 <=1.1.0) +2 more potentially affected by unknown CVE via @vapi-ai/server-sdk (>=0.10.2 <=0.11.0)

@vapi-ai/server-sdk NPM version =0.10.2, =0.0.1, =0.1.0, =1.0.0, =1.1.0 Source cves: unknown CVE Source advisory: SNYK:JS-VAPIAISERVERSDK-17146457...

CVE-2026-10629

SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...

CVE-2026-10629

CVE-2026-10629 concerns Verizon IMS SIP signaling lacking IPsec integrity protection. The SIP signaling stack (unspecified Verizon IMS version) reportedly sends SIP messages without ESP encapsulation or Security-Client/Security-Server headers, exposing REGISTER, INVITE, MESSAGE, BYE, UPDATE, and ...

CVE-2026-10629

SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...

CVE-2026-10629 CVE-2026-10629

SIP signaling stack in Verizon IMS unspecified version implements SIP signaling without IPsec integrity protection missing Security-Client/Security-Server headers and ESP traffic, which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via...

CVE-2026-0826

In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...

CVE-2026-0826

In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...

CVE-2026-0826 Poly Voice – Possible Remote Control of Certain Poly Devices

In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...

CVE-2026-0826

In CVE-2026-0826, the issue is a stack-based buffer overflow in the Poly Voice device parser for ICE SDP attributes. When ICE is enabled, parsing the a=candidate: line copies input into a 256-byte stack buffer without length checks, enabling crafted SDP to overflow and achieve unauthenticated rem...

CVE-2026-0826 Poly Voice – Possible Remote Control of Certain Poly Devices

In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...

EUVD-2026-33658

In certain scenarios when the admin has enabled Interactive Connectivity Establishment ICE, a buffer overflow could enable remote code execution on Poly Voice products on the Linux platform...

HP Poly Voice 安全漏洞

HP Poly Voice is a voice communication software developed by the American company Hewlett-Packard HP. There is a security vulnerability in HP Poly Voice, which stems from a buffer overflow issue when administrators enable interactive connection establishment. This vulnerability may lead to remote...