24 matches found
EUVD-2025-13454
Malicious code in bioql PyPI...
Output Messenger < 2.0.63 Multiple Vulnerabilities
The version of Output Messenger formerly Srimax Output Messenger is affected by multiple vulnerabilities, as follows: - Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access...
Srimax Output Messenger Installed (macOS)
Binary data srimaxoutputmessengermacosinstalled.nbin...
Srimax Output Messenger Installed (Linux)
Binary data srimaxoutputmessengerlinuxinstalled.nbin...
Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers
A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber espionage attack campaign since April 2024. "These exploits have resulted in a collection of related user data from targets in Iraq," the...
Marbled Dust leverages zero-day in Output Messenger for regional espionage
Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability CVE-2025-27920 in the messaging app Output Messenger, a multiplatform chat software. These exploits have...
Marbled Dust leverages zero-day in Output Messenger for regional espionage
Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability CVE-2025-27920 in the messaging app Output Messenger, a multiplatform chat software. These exploits have...
VulnCheck KEV: CVE-2025-27920
Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...
CVE-2025-27921
A reflected cross-site scripting XSS vulnerability was discovered in Output Messenger before 2.0.63, where unsanitized input could be injected into the web application’s response. This vulnerability occurs when user-controlled input is reflected back into the browser without proper sanitization o...
CVE-2025-27920
Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...
CVE-2025-27921
A reflected cross-site scripting XSS vulnerability was discovered in Output Messenger before 2.0.63, where unsanitized input could be injected into the web application’s response. This vulnerability occurs when user-controlled input is reflected back into the browser without proper sanitization o...
CVE-2025-27921
A reflected cross-site scripting XSS vulnerability was discovered in Output Messenger before 2.0.63, where unsanitized input could be injected into the web application’s response. This vulnerability occurs when user-controlled input is reflected back into the browser without proper sanitization o...
CVE-2025-27920
Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...
CVE-2025-27920
Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...
CVE-2025-27920
Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...
CVE-2025-27921
A reflected cross-site scripting XSS vulnerability was discovered in Output Messenger before 2.0.63, where unsanitized input could be injected into the web application’s response. This vulnerability occurs when user-controlled input is reflected back into the browser without proper sanitization o...
CVE-2025-27920
Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...
Output Messenger 安全漏洞
Output Messenger is an enterprise-grade instant messaging and collaboration software from Output Messenger, Inc. that provides secure internal communications, file sharing, screen sharing, and remote desktop control. A security vulnerability exists in Output Messenger versions prior to 2.0.63,...
CVE-2025-27920
CVE-2025-27920 affects Output Messenger prior to version 2.0.63 (Windows) with a directory traversal vulnerability in the Output Messenger Server Manager that allows an authenticated user to use ../../.. sequences in file-path parameters to access files outside the intended directory, potentially...
CVE-2025-27921
CVE-2025-27921 is a reflected XSS in Output Messenger prior to version 2.0.63 where user input is reflected in the web app response. Affected product: Output Messenger (client/web component). Mitigations reported: upgrade to version 2.0.63 or later; no exploitation of this CVE has been observed b...