16 matches found
PT-2026-45830
wire-ios is an iOS client for the Wire secure messaging application. Prior to version 4.16.0, upon receiving a crafted malicious Proteus external message with an encrypted payload that is shorter than 16 bytes, the Wire iOS client crashes. The crash is triggered automatically after message receiv...
EUVD-2018-20517
Malware in sbrugna...
EUVD-2021-19481
Malware in sbrugna...
EUVD-2022-46667
Malicious code in bioql PyPI...
CVE-2025-49846
wire-ios is an iOS client for the Wire secure messaging application. From Wire iOS 3.111.1 to before 3.124.1, messages that were visible in the view port have been logged to the iOS system logs in clear text. Wire application logs created and managed by the application itself were not affected,...
CVE-2025-49846 wire-ios accidentally logs message contents
wire-ios is an iOS client for the Wire secure messaging application. From Wire iOS 3.111.1 to before 3.124.1, messages that were visible in the view port have been logged to the iOS system logs in clear text. Wire application logs created and managed by the application itself were not affected,...
CVE-2022-43673
Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved for a limited period of time from the AppData\Roaming\Wire\IndexedDB\httpsapp.wire.com0.indexeddb.leveldb database...
CVE-2021-32755
Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a new web socket implementation was introduced for users running iOS 13 or higher. This new...
CVE-2018-8909
The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala...
CVE-2022-29168
Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering @mentions in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim...
CVE-2020-15258
In Wire before 3.20.x, shell.openExternal was used without checking the URL. This vulnerability allows an attacker to execute code on the victims machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened. The...
Wire wire-ios data forgery issue vulnerability
Wire is a chat software by an individual developer. The program supports Web, WindowsiOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos, and its original way of saying hello, PING. A data forgery vulnerability exists in Wire wire-ios 3.8.0 and earlier versions...
CVE-2018-8909
The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala...
CVE-2018-8909
The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala...
Design/Logic Flaw
The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala...
CVE-2018-8909
CVE-2018-8909 affects the Wire app for Android prior to 2018-03-07, enabling a path traversal via a ../ in the filename of a received file (AssetService.scala) to write outside the downloads directory. This is described consistently across multiple sources (NVD/NVD mirror, Red Hat, Alpine Linux, ...