CVE-2019-18863

A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercep...

CVE-2024-41711

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1 R6.4.0.136 could allow an unauthenticated attacker with physical access to the phone to conduct an argument injection attack, due to insufficient parameter...

CVE-2017-6900

An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue is with the login script and wrongpass Python script used for authentication. When calling wrongpass, the variables $VAL0 and $VAL1 should be enclosed in quotes to prevent the potential for Bash command injection. Further to...

EUVD-2017-17119

Malware in sbrugna...

EUVD-2022-34172

Malicious code in bioql PyPI...

MAL-2025-6900 Malicious code in @angular_devkit/architect (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

CVE-2025-47188

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 R6.4.0.4006, and the 6970 Conference Unit through 6.4 SP4 R6.4.0.4006 or version V1 R0.1.0, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient paramete...

CVE-2025-47188

CVE-2025-47188 describes a command-injection vulnerability in Mitel SIP Phones (6800, 6900, 6900w series) up to 6.4 SP4 (R6.4.0.4006) and the 6970 Conference Unit up to 6.4 SP4 or V1 R0.1.0.** The root cause is insufficient input sanitization, allowing an unauthenticated attacker to execute arbit...

EUVD-2025-23917

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit through 6.4 SP4, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit could allow an...

Mitel多款产品 安全漏洞

Mitel 6800 Series and Mitel 6900 Series are both a series of phones from Mitel Canada. A security vulnerability exists in various Mitel products that stems from insufficient parameter cleanup and could lead to a command injection attack. The following products and versions are affected: Mitel 680...

CVE-2025-47187

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 R6.4.0.4006, and the 6970 Conference Unit through 6.4 SP4 R6.4.0.4006 or version V1 R0.1.0, could allow an unauthenticated attacker to perform a file upload attack due to missing authentication...

CVE-2025-47187

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 R6.4.0.4006, and the 6970 Conference Unit through 6.4 SP4 R6.4.0.4006 or version V1 R0.1.0, could allow an unauthenticated attacker to perform a file upload attack due to missing authentication...

Mitel 6800 Series、Mitel 6900 Series和Mitel 6900w Series 安全漏洞

Mitel 6800 Series and others are a series of telephones from the Canadian company Mindy Mitel. A security vulnerability exists in the Mitel 6800 Series, Mitel 6900 Series, and Mitel 6900w Series that stems from a lack of an authentication mechanism that could lead to a file upload attack...

CVE-2022-29854

A vulnerability in Mitel 6900 Series IP MiNet phones excluding 6970, versions 1.8 1.8.0.12 and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploi...

CVE-2025-46834

Alchemy's Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. In versions on the 2.x branch prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, owners of Modular Accounts can grant session keys scoped external keys to external parties and would use the...

CVE-2025-46834 Alchemy's Modular Account can use executeUserOp to bypass allowlist prevalidation hook

Alchemy's Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. In versions on the 2.x branch prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, owners of Modular Accounts can grant session keys scoped external keys to external parties and would use the...

CVE-2025-46834

Summary: CVE-2025-46834 concerns Alchemy’s Modular Account (2.x branch) prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, where the allowlist module fails to check the path from executeUserOp to execute or executeBatch. This gap permits any session key to bypass access controls and access...

CVE-2025-46834 Alchemy's Modular Account can use executeUserOp to bypass allowlist prevalidation hook

Alchemy's Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. In versions on the 2.x branch prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, owners of Modular Accounts can grant session keys scoped external keys to external parties and would use the...

PT-2025-21362 · Unknown · Modular Account De Alchemy

Name of the Vulnerable Software and Affected Versions: Modular Account de Alchemy versions prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0 Description: The issue concerns a bug in the allowlist module of Modular Account de Alchemy, which is compatible with ERC-4337 and ERC-6900. This bug...

PT-2025-20723 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: Mitel 6800 Series SIP Phones versions through 6.4 SP4 Mitel 6900 Series SIP Phones versions through 6.4 SP4 Mitel 6900w Series SIP Phones versions through 6.4 SP4 Mitel 6970 Conference Unit versions through 6.4 SP4 Description: A vulnerabilit...