Lucene search
+L

3187 matches found

nuclei
nuclei
added 3 days ago18 views

Mitel MiCollab - Information Disclosure & Denial of Service

Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 contain a vulnerability in the TP-240 component caused by improper handling, letting remote attackers obtain sensitive information and cause denial of service, exploit requires remote access. id: CVE-2022-26143 info: name:...

9.8CVSS7.1AI score0.87565EPSS
Exploits1References1
schneier
schneier
added 2026/07/09 11:0 a.m.14 views

The Language of AI Could Change How Humans Speak

Because of the way they are trained, large language models capture only a slice of human language. They're trained on the written word, from textbooks to social media posts, and our speech as captured in movies and on television. These models have minimal access to the unscripted conversations we...

5.9AI score
Exploits0
euvd
euvd
added 2026/07/09 12:31 a.m.8 views

EUVD-2026-42491

Improper neutralization of input during web page generation 'cross-site scripting' in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network...

9.3CVSS6AI score0.00274EPSS
Exploits0References2
nvd
nvd
added 2026/07/09 12:17 a.m.9 views

CVE-2026-47646

Improper neutralization of input during web page generation 'cross-site scripting' in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network...

9.3CVSS0.00274EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/08 11:24 p.m.32 views

CVE-2026-47646 Dynamics 365 Customer Voice Spoofing Vulnerability

...

9.3CVSS0.00274EPSS
Exploits0References1
cve
cve
added 2026/07/08 11:24 p.m.39 views

CVE-2026-47646

CVE-2026-47646 describes an improper neutralization of input during web page generation (XSS) in Dynamics 365 Customer Voice . The vulnerability allows an unauthenticated attacker to perform spoofing of the user interface over a network, as indicated by a high-impact, network-based CVSS score (CR...

9.3CVSS6AI score0.00274EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2026/07/08 11:24 p.m.6 views

CVE-2026-47646 Dynamics 365 Customer Voice Spoofing Vulnerability

...

9.3CVSS5.9AI score0.00274EPSS
Exploits0References1
cve
cve
added 2026/07/08 9:39 p.m.19 views

CVE-2026-5922

CVE-2026-5922 affects Poly Voice IP phones; a vulnerability exists where malicious input stored in configuration parameters is rendered in the WebUI, enabling cross-site scripting (XSS) and potentially allowing unauthorized modification of the WebUI. Root cause appears to be input stored in confi...

5.9CVSS5.9AI score0.00234EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/08 9:39 p.m.34 views

CVE-2026-5922 Poly Voice – Potential Unauthorized Modification of WebUI using XSS Attack

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS0.00234EPSS
Exploits0References1
cve
cve
added 2026/07/08 9:29 p.m.13 views

CVE-2026-5923

CVE-2026-5923 affects Poly Voice IP phones’ WebUI. A stolen cookie may enable CSRF to modify the WebUI contents. Impact: integrity and availability High; confidentiality Low. Exploitation status and fixes are not detailed in the provided documents; no patch/version info is given.

6CVSS5.9AI score0.00139EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/08 9:29 p.m.34 views

CVE-2026-5923 Poly Voice – Potential Unauthorized Modification of WebUI using CSRF Attack

Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage...

6CVSS0.00139EPSS
Exploits0References1
nvd
nvd
added 2026/07/01 3:17 p.m.10 views

CVE-2026-2891

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...

8.2CVSS0.00253EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/01 2:8 p.m.7 views

CVE-2026-2891

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...

8.2CVSS5.8AI score0.00253EPSS
Exploits0References2
cve
cve
added 2026/07/01 2:8 p.m.18 views

CVE-2026-2891

The CVE-2026-2891 entry concerns Poly Voice IP devices (CCX, Trio, Edge E) and describes a potential DoS if these devices connect to a malicious SIP server sending malformed data. Affected components are the Poly Voice devices themselves; the root cause is triggered by malformed SIP input from a ...

8.2CVSS5.8AI score0.00253EPSS
Exploits0References1
euvd
euvd
added 2026/07/01 2:8 p.m.10 views

EUVD-2026-41005

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...

8.2CVSS5.8AI score0.00253EPSS
Exploits0References1
euvd
euvd
added 2026/06/30 7:55 p.m.8 views

EUVD-2026-40403

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials,...

9.6CVSS5.8AI score0.00201EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/30 7:55 p.m.41 views

CVE-2026-10140 Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials,...

9.6CVSS0.00201EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.7 views

PT-2026-53957

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.10.0 Description The voice mode contains improper shared-state handling, which allows API clients to be reused across tenant boundaries. An authenticated attacker can manipulate the cache state, causin...

9.6CVSS6AI score0.00201EPSS
Exploits0References5
ibm
ibm
added 2026/06/26 8:23 p.m.4 views

Security Bulletin: Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem

Summary The voice mode subsystem src/backend/base/langflow/api/v1/voicemode.py contains two critical vulnerabilities that enable cross-tenant API key reuse and billing fraud. The first vulnerability involves a process-global ElevenLabs client singleton that caches the first user's API key and...

9.6CVSS5.8AI score0.00201EPSS
Exploits0Affected Software1
metasploit
metasploit
added 2026/06/18 7:1 p.m.182 views

HP Poly Voice Unauthenticated Remote Code Execution

CVE-2026-0826 is a critical unauthenticated stack-based buffer overflow vulnerability affecting all models in the VVX series VVX 150, VVX 250, VVX 350, and VVX 450, as well as three models from the Trio IP Conference series Trio 8800, Trio 8500, and Trio 8300. A remote attacker can leverage...

9.2CVSS6.9AI score0.24469EPSS
Exploits3
Rows per page
Query Builder