Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-46376 |
|
Vulnerability in sangoma (CVE-2026-46376)
vulnerability in sangoma (CVE-2026-46376). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `16.0.45` or later.
|
| CVE-2026-44237 |
|
Vulnerability in sangoma (CVE-2026-44237)
vulnerability in sangoma (CVE-2026-44237). Confidential information can be exposed externally. Mitigation: upgrade to `17.0.8` or later.
|
| CVE-2026-44238 |
|
SQL Injection in sqli (CVE-2026-44238)
SQL injection in sqli (CVE-2026-44238). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `16.0.50` or later.
|
| CVE-2026-44239 |
|
Vulnerability in path-traversal (CVE-2026-44239)
vulnerability in path-traversal (CVE-2026-44239). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `16.0.22` or later.
|
| CVE-2025-64328 KEV |
|
[KEV] OS Command Injection in Sangoma freepbx (CVE-2025-64328)
OS command injection in Sangoma freepbx (CVE-2025-64328). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2019-19006 KEV |
|
[KEV] Authentication Bypass in Sangoma freepbx (CVE-2019-19006)
authentication bypass in Sangoma freepbx (CVE-2019-19006). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2025-57819 KEV |
|
[KEV] SQL Injection in Sangoma freepbx (CVE-2025-57819)
SQL injection in Sangoma freepbx (CVE-2025-57819). Successful exploitation can lead to full system takeover. Listed in CISA KEV — actively exploited.
|
| CVE-2023-43336 |
|
Vulnerability in sangoma (CVE-2023-43336)
vulnerability in sangoma (CVE-2023-43336). Successful exploitation can lead to full system takeover.
|
| CVE-2022-37325 |
|
Out-of-Bounds Write in c (CVE-2022-37325)
out-of-bounds write in c (CVE-2022-37325). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-17430 |
|
Authentication Bypass in sangoma (CVE-2017-17430)
authentication bypass in sangoma (CVE-2017-17430). Successful exploitation can lead to full system takeover.
|
| CVE-2017-9358 |
|
Vulnerability in sangoma (CVE-2017-9358)
vulnerability in sangoma (CVE-2017-9358). Risk of unauthorized operations or information disclosure.
|