CVE-2025-70614

OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter...

PT-2026-23502

Name of the Vulnerable Software and Affected Versions OpenCode Systems OC Messaging / USSD Gateway version 6.32.2 Description The software contains a flaw in access control within the web-based control panel. An authenticated attacker with limited privileges can access arbitrary SMS messages by...

OpenCode Systems OC Messaging / USSD Gateway OC 安全漏洞

OpenCode Systems OC Messaging/USSD Gateway OC is a telecommunications operator messaging gateway system developed by OpenCode Company in the UK. Version 6.32.2 of OpenCode Systems OC Messaging/USSD Gateway OC contains a security vulnerability. This vulnerability stems from access control flaws in...

CVE-2025-70614

OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter...

CVE-2025-70614

The CVE-2025-70614 entry applies to OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2. The vulnerability is due to broken access control in the web-based control panel, allowing an authenticated low-privileged user to access arbitrary SMS messages by tampering with a company or tenan...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the isAllowedParsedChatSender process. An attacker can gain unauthorized access to direct messaging or reaction features by sending messages from an untrusted...

CVE-2025-66168 Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated

WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://vulners.com/cve/CVE-2026-40046 Original Report: Apache ActiveMQ...

CVE-2025-48609

In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not...

CVE-2026-1713

IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3.0.0 through 9.3.0.36 LTS, 9.30.0 through 9.3.5.1 CD, 9.4.0.0 through 9.4.0.17 LTS, and 9.4.0.0 through 9.4.4.1 CD...

CVE-2025-48609

In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not...

CVE-2025-48609

In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not...

CVE-2025-48609

In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not...

CVE-2025-48609

In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not...

CVE-2025-48609

CVE-2025-48609 involves a path traversal issue in MmsProvider.java across Google Android components that can allow arbitrary file deletion and impact telephony, SMS, and MMS features. The vulnerability can cause a local denial of service without extra privileges or user interaction, as reported b...

firefox: thunderbird: Privilege escalation in the Messaging System component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Messaging System component...

firefox: thunderbird: Privilege escalation in the Messaging System component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Messaging System component...

firefox: thunderbird: Privilege escalation in the Messaging System component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Messaging System component...

firefox: thunderbird: Privilege escalation in the Messaging System component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Messaging System component...

firefox: thunderbird: Privilege escalation in the Messaging System component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Messaging System component...

firefox: thunderbird: Privilege escalation in the Messaging System component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Messaging System component...