269 matches found
CVE-2025-53627
Meshtastic is an open source mesh networking solution. The Meshtastic firmware starting from version 2.5 introduces asymmetric encryption PKI for direct messages, but when the pkiencrypted flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an...
CVE-2025-53627 Meshtastic firmware allows forged DMs with no PKC to show up as encrypted
Meshtastic is an open source mesh networking solution. The Meshtastic firmware starting from version 2.5 introduces asymmetric encryption PKI for direct messages, but when the pkiencrypted flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an...
CVE-2025-53627
Meshtastic firmware (from version 2.5) can fall back to legacy AES-256-CTR if the pki_encrypted flag is missing, undermining PKI end-to-end direct messages. The downgrade path allows adversaries with a shared channel key to inject spoofed DMs that appear PKI-encrypted to end-user apps (Web, iOS/A...
CVE-2025-53627 Meshtastic firmware allows forged DMs with no PKC to show up as encrypted
Meshtastic is an open source mesh networking solution. The Meshtastic firmware starting from version 2.5 introduces asymmetric encryption PKI for direct messages, but when the pkiencrypted flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an...
EUVD-2025-205605
Meshtastic is an open source mesh networking solution. The Meshtastic firmware starting from version 2.5 introduces asymmetric encryption PKI for direct messages, but when the pkiencrypted flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an...
CVE-2025-53627 Meshtastic firmware allows forged DMs with no PKC to show up as encrypted
Meshtastic is an open source mesh networking solution. The Meshtastic firmware starting from version 2.5 introduces asymmetric encryption PKI for direct messages, but when the pkiencrypted flag is missing, the firmware silently falls back to legacy AES-256-CTR channel encryption. This was an...
PT-2025-53743
Name of the Vulnerable Software and Affected Versions Meshtastic versions 2.5 through 2.7.14 Description Meshtastic firmware, starting with version 2.5, implemented asymmetric encryption PKI for direct messages. However, when the pki encrypted flag is absent, the firmware reverts to legacy...
CVE-2025-62190 CSRF Allows Call Initiation and Message Delivery
Mattermost versions 11.0.x = 11.0.4, 10.12.x = 10.12.2, 10.11.x = 10.11.6 and Mattermost Calls versions =1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious...
EUVD-2025-14709
Malicious code in bioql PyPI...
EUVD-2025-5098
Malicious code in bioql PyPI...
EUVD-2022-38142
Malicious code in bioql PyPI...
EUVD-2022-53421
Malicious code in bioql PyPI...
EUVD-2022-42285
Malicious code in bioql PyPI...
CVE-2025-52883 Meshtastic-Android vulnerable to forged DMs with no PKC showing up as encrypted
Meshtastic-Android is an Android application for the mesh radio software Meshtastic. Prior to version 2.5.21, an attacker is able to send an unencrypted direct message to a victim impersonating any other node of the mesh. This message will be displayed in the same chat that the victim normally...
CVE-2025-52883 Meshtastic-Android vulnerable to forged DMs with no PKC showing up as encrypted
Meshtastic-Android is an Android application for the mesh radio software Meshtastic. Prior to version 2.5.21, an attacker is able to send an unencrypted direct message to a victim impersonating any other node of the mesh. This message will be displayed in the same chat that the victim normally...
CVE-2025-52883 Meshtastic-Android vulnerable to forged DMs with no PKC showing up as encrypted
Meshtastic-Android is an Android application for the mesh radio software Meshtastic. Prior to version 2.5.21, an attacker is able to send an unencrypted direct message to a victim impersonating any other node of the mesh. This message will be displayed in the same chat that the victim normally...
Meshtastic-Android 安全漏洞
Meshtastic-Android is an Android application from the Meshtastic open source. A security vulnerability exists in Meshtastic-Android versions prior to 2.5.21, which stems from the fact that an attacker can send an unencrypted direct message to impersonate another node, potentially leading to a fal...
CVE-2025-52464
Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initialize the internal randomness pool on some...
BIT-DISCOURSE-2025-32376 Discourse DM limits aren’t always properly enforced
Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable...
CVE-2025-32376
Discourse is an open-source discussion platform. Prior to versions 3.4.3 on the stable branch and 3.5.0.beta3 on the beta branch, the users limit for a DM can be bypassed, thus giving the ability to potentially create a DM with every user from a site in it. This issue has been patched in stable...