Monthly
FreePBX versions up to 17.0.5 contain a vulnerability that allows attackers to forge a valid JWT with full access to the REST and GraphQL APIs on a FreePBX tha (CVSS 7.5).
Privilege context switching error in Windows Administrator Protection allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability has low attack complexity. No vendor patch available.
System call entry on Cortex M (and possibly R and A, but I think not) has a race which allows very practical privilege escalation for malicious userspace processes. Rated high severity (CVSS 8.1), this vulnerability requires no authentication. No vendor patch available.
Under heavy system utilization a random race condition can occur during authentication or token refresh operation. Rated medium severity (CVSS 6.0). No vendor patch available.
CVE-2025-46406 is a security vulnerability (CVSS 5.6) that allows a privileged operator with high level access. Remediation should follow standard vulnerability management procedures.
A security vulnerability in XWiki (CVSS 3.5). Risk factors: public PoC available. Vendor patch is available.
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data into another Guest's virtualised GPU memory. Rated high severity (CVSS 7.9), this vulnerability has low attack complexity. No vendor patch available.