Lucene search
K

2876 matches found

Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.6 views

PT-2026-23502

Name of the Vulnerable Software and Affected Versions OpenCode Systems OC Messaging / USSD Gateway version 6.32.2 Description The software contains a flaw in access control within the web-based control panel. An authenticated attacker with limited privileges can access arbitrary SMS messages by...

8.1CVSS5.9AI score0.00261EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/05 12:0 a.m.5 views

CVE-2025-70614

OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter...

5.9AI score0.00261EPSS
Exploits0References1
CVE
CVE
added 2026/03/05 12:0 a.m.11 views

CVE-2025-70614

The CVE-2025-70614 entry applies to OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2. The vulnerability is due to broken access control in the web-based control panel, allowing an authenticated low-privileged user to access arbitrary SMS messages by tampering with a company or tenan...

8.1CVSS6AI score0.00261EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/05 12:0 a.m.35 views

CVE-2025-70614

OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter...

0.00261EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/04 6:31 p.m.22 views

EUVD-2019-19732

FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login endpoint. Attackers can exploit the vulnerable password parameter in requests to...

8.8CVSS6AI score0.00453EPSS
Exploits1References3
NVD
NVD
added 2026/03/02 7:16 p.m.7 views

CVE-2025-48609

In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not...

9.1CVSS0.00263EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/02 6:42 p.m.6 views

EUVD-2025-208209

In multiple functions of MmsProvider.java, there is a possible way to arbitrarily delete files which affect telephony, SMS, and MMS functionalities due to a path traversal error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not...

6.1AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/28 1:55 a.m.6 views

CVE-2026-3037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed duri...

8.8CVSS6.6AI score0.01934EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/27 10:14 a.m.14 views

CVE-2026-28136

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs WP SMS wp-sms allows SQL Injection.This issue affects WP SMS: from n/a through = 6.9.12...

7.6CVSS6AI score0.00285EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/27 3:30 a.m.6 views

EUVD-2026-8980

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed duri...

8CVSS6AI score0.01934EPSS
Exploits0References4
NVD
NVD
added 2026/02/27 2:16 a.m.18 views

CVE-2026-3037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed duri...

8.8CVSS0.01934EPSS
Exploits0References3
OSV
OSV
added 2026/02/27 2:16 a.m.3 views

CVE-2026-3037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed duri...

8.8CVSS6.1AI score0.01934EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/27 1:6 a.m.22 views

CVE-2026-3037 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed duri...

8CVSS0.01934EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/27 1:6 a.m.4 views

CVE-2026-3037

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed duri...

8.8CVSS6.1AI score0.01934EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/27 1:6 a.m.5 views

CVE-2026-3037 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed duri...

8CVSS6.3AI score0.01934EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.10 views

Copeland XWEB PRO 操作系统命令注入漏洞

Copeland XWEB PRO is an advanced commercial and industrial refrigeration monitoring and management system developed by the American company Copeland. Versions of Copeland XWEB PRO prior to 1.12.1 contained a vulnerability related to operating system command injection. This vulnerability stemmed...

8.8CVSS6.2AI score0.01934EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.9 views

PT-2026-22279

Name of the Vulnerable Software and Affected Versions XWEB Pro versions 1.12.1 and earlier Description A flaw exists that allows a logged-in attacker to execute code on a system remotely. This is achieved by altering harmful input within the URL of the MBird SMS service and/or code through the...

8.8CVSS6.3AI score0.01934EPSS
Exploits0References9
NVD
NVD
added 2026/02/26 9:16 a.m.7 views

CVE-2026-28136

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs WP SMS wp-sms allows SQL Injection.This issue affects WP SMS: from n/a through = 6.9.12...

7.6CVSS0.00285EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/26 8:33 a.m.5 views

CVE-2026-28136 WordPress WP SMS plugin <= 6.9.12 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs WP SMS wp-sms allows SQL Injection.This issue affects WP SMS: from n/a through = 6.9.12...

7.6CVSS5.7AI score0.00285EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/26 8:33 a.m.22 views

CVE-2026-28136 WordPress WP SMS plugin <= 6.9.12 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs WP SMS wp-sms allows SQL Injection.This issue affects WP SMS: from n/a through = 6.9.12...

7.6CVSS0.00285EPSS
Exploits0References1
Rows per page
Query Builder