22 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-13279

Malicious code in bioql PyPI...

6.5 CVSS · 6.6 AI score · 0.00119 EPSS
Exploits 0 · References 3

OSV
added 2025/06/11 11:45 a.m. · 3 views

BIT-DISCOURSE-2025-48062 Discourse vulnerable to HTML injection when inviting to topic via email

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...

7.1 CVSS · 7 AI score · 0.00242 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/06/09 12:33 p.m. · 5 views

CVE-2025-48062 Discourse vulnerable to HTML injection when inviting to topic via email

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML...

7.1 CVSS · 7.1 AI score · 0.00242 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/05/01 12:0 a.m. · 1 views

PT-2025-18670 · Gotenna · Gotenna Mesh

Name of the Vulnerable Software and Affected Versions: goTenna Mesh versions 5.5.3 and firmware 1.1.12 Description: An issue was discovered that allows the injection of custom messages into existing mesh networks with any GID and Callsign via a software defined radio. This can be exploited if the...

6.5 CVSS · 6.5 AI score
Exploits 0 · References 5

CVE
added 2025/05/01 12:0 a.m. · 42 views

CVE-2025-32885

Affected software/hardware: goTenna v1 devices with app 5.5.3 and firmware 0.25.5. Vulnerability: The app enables injection of custom messages into existing v1 networks via a software‑defined radio, using any GID and Callsign. Root cause/condition: exploitation in unencrypted environments or when...

6.5 CVSS · 6.9 AI score · 0.00119 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2025/05/01 12:0 a.m. · 7 views

CVE-2025-32885

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message into existing v1 networks with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted...

6.5 CVSS · 6.9 AI score · 0.00119 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2025/03/20 5:15 p.m. · 2 views

CVE-2024-57440

D-Link DSL-3788 revA1 1.01R1B036EUEN is vulnerable to Buffer Overflow via the COMMMAKECustomMsg function of the webproc cgi...

7.5 CVSS · 5.3 AI score · 0.00486 EPSS
Exploits 0 · References 4

Positive Technologies
added 2025/01/27 12:0 a.m. · 1 views

PT-2025-12358

Name of the Vulnerable Software and Affected Versions: D-Link DSL-3788 revA1 version 1.01R1B036 EU EN Description: The issue is related to a buffer overflow that can occur through the COMM MAKECustomMsg function of the webproc cgi. This function is part of the web procedure and can be exploited,...

7.8 CVSS · 5.7 AI score · 0.00486 EPSS
Exploits 0 · References 10

NVD
added 2024/09/26 6:15 p.m. · 14 views

CVE-2024-47127

In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the...

6.5 CVSS · 0.00056 EPSS
Exploits 0 · References 1

OSV
added 2024/09/26 6:15 p.m. · 0 views

CVE-2024-41722

In the goTenna Pro ATAK Plugin there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or ...

6.5 CVSS · 5.8 AI score · 0.00045 EPSS
Exploits 0 · References 1

CVE
added 2024/09/26 5:27 p.m. · 43 views

CVE-2024-47127

CVE-2024-47127 affects goTenna Pro App (and Pro X/Pro X2 ecosystems). A vulnerability described across connected documents allows injecting arbitrary messages with any GID/Callsign into existing goTenna mesh networks via a software-defined radio, applicable when encryption is absent or cryptograp...

6.5 CVSS · 5.4 AI score · 0.00056 EPSS
Exploits 0 · References 1 · Affected Software 1

NVD
added 2022/08/22 3:15 p.m. · 12 views

CVE-2022-34771

Tabit - arbitrary SMS send on Tabits behalf. The resend OTP API of tabit allows an adversary to send messages on tabits behalf to anyone registered on the system - the API receives the parameters: phone number, and CustomMessage, We can use that API to craft malicious messages to any user of the...

5.5 CVSS · 0.00177 EPSS
Exploits 0 · References 1

OSV
added 2022/08/22 3:15 p.m. · 2 views

CVE-2022-34771

Tabit - arbitrary SMS send on Tabits behalf. The resend OTP API of tabit allows an adversary to send messages on tabits behalf to anyone registered on the system - the API receives the parameters: phone number, and CustomMessage, We can use that API to craft malicious messages to any user of the...

3.5 CVSS · 5.9 AI score
Exploits 0 · References 1

Positive Technologies
added 2022/08/22 12:0 a.m. · 1 views

PT-2022-22322 · Tabit · Tabit

Name of the Vulnerable Software and Affected Versions: Tabit affected versions not specified Description: The issue allows an adversary to send messages on Tabit's behalf to anyone registered on the system. The resend OTP API receives parameters such as phone number and CustomMessage, which can b...

5.5 CVSS · 4.1 AI score · 0.00177 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2022/08/17 11:14 a.m. · 1 views

CVE-2022-34771

Tabit - arbitrary SMS send on Tabits behalf. The resend OTP API of tabit allows an adversary to send messages on tabits behalf to anyone registered on the system - the API receives the parameters: phone number, and CustomMessage, We can use that API to craft malicious messages to any user of the...

5.5 CVSS · 6 AI score · 0.00177 EPSS
Exploits 0 · References 2 · Affected Software 1

CNVD
added 2021/08/04 12:0 a.m. · 15 views

Dell EMC iDRAC9 and EMC iDRAC8 Spoofing Vulnerability

Dell EMC iDRAC9 is a set of hardware and software system management solutions from Dell, a United States company. The solution provides remote management, crash system recovery and power control for Dell PowerEdge systems. Dell EMC iDRAC8 versions prior to 2.80.80.80 and Dell EMC iDRAC9 versions...

4.3 CVSS · 3.3 AI score · 0.00484 EPSS
Exploits 0 · References 1

wpexploit
added 2020/01/19 12:0 a.m. · 15 views

Contextual Adminbar Color < 0.3 - Authenticated Stored Cross-Site Scripting Issue

The variable $message is not escaped : $message = sanitizetextfield $currentsettings'message' ; Then, it's printed in a value attribute : value="" Edit WPScanTeam: Put the payload below in the custom message field in the plugin's settings page Tools Adminbar Settings: " onfocus=alert2...

0.9 AI score
Exploits 0 · References 1

NVD
added 2018/10/23 9:30 p.m. · 8 views

CVE-2018-18467

An issue was discovered in Daniel Gultsch Conversations 2.3.4. It is possible to spoof a custom message to an existing opened conversation by sending an intent...

7.5 CVSS · 7.4 AI score · 0.00237 EPSS
Exploits 0 · References 1

OSV
added 2018/10/23 9:30 p.m. · 13 views

CVE-2018-18467

An issue was discovered in Daniel Gultsch Conversations 2.3.4. It is possible to spoof a custom message to an existing opened conversation by sending an intent...

7.5 CVSS · 6.7 AI score · 0.00237 EPSS
Exploits 0 · References 1

Cvelist
added 2018/10/23 9:0 p.m. · 14 views

CVE-2018-18467

An issue was discovered in Daniel Gultsch Conversations 2.3.4. It is possible to spoof a custom message to an existing opened conversation by sending an intent...

7.4 AI score · 0.00237 EPSS
Exploits 0 · References 1