37 matches found
Cloudlog - SQL Injection
Cloudlog 2.6.15 contains a SQL injection caused by unsanitized input in the oqrs.php requestform, letting attackers execute arbitrary SQL commands via stationid or callsign. Exploitation requires sending a crafted request. id: CVE-2024-48259 info: name: Cloudlog - SQL Injection author: s4e-io severity: high...
tickets SQL injection vulnerability
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the fact that the values of latitude, longitude, callsign, mph, altitude, and timestamp,...
EUVD-2022-1427
Malicious code in bioql PyPI...
EUVD-2024-42276
Malicious code in bioql PyPI...
EUVD-2024-41625
Malicious code in bioql PyPI...
MAL-2025-5374 Malicious code in callsign-async-runner (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 993c282c40085606e14525d46841a996c7a8dcd50109db7828093a3d60254942 Any computer that has this package installed or running should be considered...
Malicious code in callsign-async-runner (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 993c282c40085606e14525d46841a996c7a8dcd50109db7828093a3d60254942 Any computer that has this package installed or running should be considered...
CVE-2024-47124
The goTenna Pro App does not encrypt callsigns in messages. It is recommended to not use sensitive information in callsigns when using this and previous versions of the app and update your app to the current app version which uses AES-256 encryption for callsigns in encrypted operation...
CVE-2022-25507
FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter...
CVE-2025-32885
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message into existing v1 networks with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted...
CVE-2024-48259
Cloudlog 2.6.15 allows Oqrs.php requestform SQL injection via stationid or callsign...
CVE-2024-48259
Cloudlog 2.6.15 is vulnerable to an SQL injection in Oqrs.php request_form via station_id or callsign. The root cause is an unsafe handling of input in the Oqrs.php endpoint, enabling crafted queries. Impact is disclosed as SQL injection with potential data exposure or modification; no explicit e...
CVE-2024-47127
In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the...
CVE-2024-47127 Weak Authentication in goTenna Pro
In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the...
CVE-2024-47127
CVE-2024-47127 affects goTenna Pro App (and Pro X/Pro X2 ecosystems). A vulnerability described across connected documents allows injecting arbitrary messages with any GID/Callsign into existing goTenna mesh networks via a software-defined radio, applicable when encryption is absent or cryptograp...
PT-2024-32422 · Gotenna · Gotenna Pro App +2
Name of the Vulnerable Software and Affected Versions: goTenna Pro App (affected versions not specified), goTenna Pro X, goTenna Pro X2. Description: The issue allows an attacker to inject custom messages with any GID and Callsign into existing goTenna mesh networks using a software-defined radio. Thi...
Cross-site Scripting (XSS)
freetakserverui is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization via the Callsign parameter...