EUVD-2025-208325

OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter...

PT-2025-33281 · Undefined · Undefined

KuWFi CPF908-CP5 WEB5.0 LCD 20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goform set cmd process and goform/goform get cmd process. These allow an unauthenticated attacker to retrieve sensitive information including the device admin username and...

CVE-2025-43983

KuWFi CPF908-CP5 WEB5.0LCD20210125 devices have multiple unauthenticated access control vulnerabilities within goform/goformsetcmdprocess and goform/goformgetcmdprocess. These allow an unauthenticated attacker to retrieve sensitive information including the device admin username and password,...

CVE-2013-4764

Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission...

CVE-2022-34771

Tabit - arbitrary SMS send on Tabits behalf. The resend OTP API of tabit allows an adversary to send messages on tabits behalf to anyone registered on the system - the API receives the parameters: phone number, and CustomMessage, We can use that API to craft malicious messages to any user of the...

Sql injection

Tabit - arbitrary SMS send on Tabits behalf. The resend OTP API of tabit allows an adversary to send messages on tabits behalf to anyone registered on the system - the API receives the parameters: phone number, and CustomMessage, We can use that API to craft malicious messages to any user of the...

CVE-2022-34771 Tabit - arbitrary SMS send on Tabits behalf

Tabit - arbitrary SMS send on Tabits behalf. The resend OTP API of tabit allows an adversary to send messages on tabits behalf to anyone registered on the system - the API receives the parameters: phone number, and CustomMessage, We can use that API to craft malicious messages to any user of the...

CVE-2022-34771

CVE-2022-34771 concerns Tabit’s resend OTP API, which accepts parameters including a phone number and a CustomMessage. The connected sources describe an adversary being able to send messages on Tabit’s behalf to any registered user, potentially enabling template injection (e.g., using {{OTP}} in ...

CVE-2013-4763

Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission...

ServersCheck Monitoring Software 8.8.x - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/49793/info ServersCheck Monitoring Software is prone to multiple remote input-validation vulnerabilities, including: 1. Multiple HTML-injection vulnerabilities 2. Multiple cross-site scripting vulnerabilities 3. A cross-site request forgery vulnerability ...