Lucene search
+L

269 matches found

NVD
NVD
added 2025/12/29 5:15 p.m.14 views

CVE-2025-53627

Meshtastic is an open source mesh networking solution. The Meshtastic firmware starting from version 2.5 introduces asymmetric encryption PKI for direct messages, but when the pkiencrypted flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an...

5.3CVSS0.00191EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/12/29 4:18 p.m.36 views

CVE-2025-53627 Meshtastic firmware allows forged DMs with no PKC to show up as encrypted

Meshtastic is an open source mesh networking solution. The Meshtastic firmware starting from version 2.5 introduces asymmetric encryption PKI for direct messages, but when the pkiencrypted flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an...

5.3CVSS0.00191EPSS
Exploits1References1
CVE
CVE
added 2025/12/29 4:18 p.m.72 views

CVE-2025-53627

Meshtastic firmware (from version 2.5) can fall back to legacy AES-256-CTR if the pki_encrypted flag is missing, undermining PKI end-to-end direct messages. The downgrade path allows adversaries with a shared channel key to inject spoofed DMs that appear PKI-encrypted to end-user apps (Web, iOS/A...

5.3CVSS6.4AI score0.00191EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/29 4:18 p.m.5 views

CVE-2025-53627 Meshtastic firmware allows forged DMs with no PKC to show up as encrypted

Meshtastic is an open source mesh networking solution. The Meshtastic firmware starting from version 2.5 introduces asymmetric encryption PKI for direct messages, but when the pkiencrypted flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an...

5.3CVSS6.4AI score0.00191EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/29 4:18 p.m.29 views

EUVD-2025-205605

Meshtastic is an open source mesh networking solution. The Meshtastic firmware starting from version 2.5 introduces asymmetric encryption PKI for direct messages, but when the pkiencrypted flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an...

5.3CVSS6.3AI score0.00191EPSS
Exploits1References1
OSV
OSV
added 2025/12/29 4:18 p.m.7 views

CVE-2025-53627 Meshtastic firmware allows forged DMs with no PKC to show up as encrypted

Meshtastic is an open source mesh networking solution. The Meshtastic firmware starting from version 2.5 introduces asymmetric encryption PKI for direct messages, but when the pkiencrypted flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an...

5.3CVSS5.8AI score0.00191EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/29 12:0 a.m.6 views

PT-2025-53743

Name of the Vulnerable Software and Affected Versions Meshtastic versions 2.5 through 2.7.14 Description Meshtastic firmware, starting with version 2.5, implemented asymmetric encryption PKI for direct messages. However, when the pki encrypted flag is absent, the firmware reverts to legacy...

5.3CVSS6.6AI score0.00191EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/12/17 12:7 p.m.30 views

CVE-2025-62190 CSRF Allows Call Initiation and Message Delivery

Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 and Mattermost Calls versions =1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious...

4.3CVSS0.00102EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-14709

Malicious code in bioql PyPI...

4.8CVSS6.3AI score0.00216EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-5098

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00359EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-38142

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00647EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-53421

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00786EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-42285

Malicious code in bioql PyPI...

4.8CVSS5.4AI score0.00411EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/06/24 8:12 p.m.12 views

CVE-2025-52883 Meshtastic-Android vulnerable to forged DMs with no PKC showing up as encrypted

Meshtastic-Android is an Android application for the mesh radio software Meshtastic. Prior to version 2.5.21, an attacker is able to send an unencrypted direct message to a victim impersonating any other node of the mesh. This message will be displayed in the same chat that the victim normally...

5.3CVSS0.00232EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/24 8:12 p.m.7 views

CVE-2025-52883 Meshtastic-Android vulnerable to forged DMs with no PKC showing up as encrypted

Meshtastic-Android is an Android application for the mesh radio software Meshtastic. Prior to version 2.5.21, an attacker is able to send an unencrypted direct message to a victim impersonating any other node of the mesh. This message will be displayed in the same chat that the victim normally...

5.3CVSS7.1AI score0.00232EPSS
Exploits0References2
OSV
OSV
added 2025/06/24 8:12 p.m.6 views

CVE-2025-52883 Meshtastic-Android vulnerable to forged DMs with no PKC showing up as encrypted

Meshtastic-Android is an Android application for the mesh radio software Meshtastic. Prior to version 2.5.21, an attacker is able to send an unencrypted direct message to a victim impersonating any other node of the mesh. This message will be displayed in the same chat that the victim normally...

5.3CVSS6.8AI score0.00232EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/06/24 12:0 a.m.4 views

Meshtastic-Android 安全漏洞

Meshtastic-Android is an Android application from the Meshtastic open source. A security vulnerability exists in Meshtastic-Android versions prior to 2.5.21, which stems from the fact that an attacker can send an unencrypted direct message to impersonate another node, potentially leading to a fal...

5.3CVSS6.5AI score0.00232EPSS
Exploits0References3
NVD
NVD
added 2025/06/19 4:15 p.m.5 views

CVE-2025-52464

Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some...

9.5CVSS0.00418EPSS
Exploits0References5
OSV
OSV
added 2025/05/02 11:13 a.m.49 views

BIT-DISCOURSE-2025-32376 Discourse DM limits aren’t always properly enforced

Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable...

4.8CVSS4.3AI score0.00216EPSS
Exploits0References3
NVD
NVD
added 2025/04/30 3:16 p.m.42 views

CVE-2025-32376

Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable...

4.8CVSS0.00216EPSS
Exploits0References2
Rows per page
Query Builder