1001 matches found
CVE-2025-32885
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message into existing v1 networks with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted...
CVE-2025-32883
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The app there makes it possible to inject any custom message into existing mesh networks with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted...
CVE-2023-53048
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix warning when handle discoveridentity message Since both source and sink device can send discoveridentity message in PD3, kernel may dump below warning: ------------ cut here ------------ WARNING: CPU: 0 PID:...
CVE-2025-32885
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message into existing v1 networks with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted...
CVE-2025-32885
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message into existing v1 networks with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted...
CVE-2025-32885
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message into existing v1 networks with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted...
CVE-2025-32883
...
CVE-2025-32883
The CVE-2025-32883 entry concerns goTenna Mesh versions 5.5.3 and firmware 1.1.12. A vulnerability allows injection of custom messages into existing mesh networks using a software defined radio, with attacker-supplied GID and Callsign. The issue is exploitable in unencrpyted environments or when ...
CVE-2025-32883
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The app there makes it possible to inject any custom message into existing mesh networks with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted...
CVE-2025-32885
An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. The app there makes it possible to inject any custom message into existing v1 networks with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted...
CVE-2025-32885
Affected software/hardware: goTenna v1 devices with app 5.5.3 and firmware 0.25.5. Vulnerability: The app enables injection of custom messages into existing v1 networks via a software‑defined radio, using any GID and Callsign. Root cause/condition: exploitation in unencrypted environments or when...
PT-2025-18670 · Gotenna · Gotenna Mesh
Name of the Vulnerable Software and Affected Versions: goTenna Mesh versions 5.5.3 and firmware 1.1.12 Description: An issue was discovered that allows the injection of custom messages into existing mesh networks with any GID and Callsign via a software defined radio. This can be exploited if the...
Important: Red Hat Security Advisory: Red Hat Ceph Storage 6.1 bug fix update
An update is now available for Red Hat Ceph Storage 6.1. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. These new packages...
Important: Red Hat Security Advisory: Updated 6.1 container image is now available in the Red Hat Ecosystem Catalog.
A new container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities,...
CVE-2025-32385 EspoCRM allows unrestricted Embedding in Iframe dashlet
EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, Iframe dashlet allows user to display iframes with arbitrary URLs. As the sandbox attribute is not included in the iframe, the remote page can open popups outside of the iframe, potentially tricking users and...
The vulnerability of the !defined() function (kernel/sched/core.c) in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the !defined function in the Linux kernel/sched/core.c file is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow an attacker to cause a service failure...
GHSA-4VJP-327P-W4QV Jenkins Templating Engine Plugin Vulnerable to Arbitrary Code Execution
Jenkins Templating Engine Plugin allows defining libraries both in the global configuration, as well as scoped to folders containing the pipelines using them. While libraries in the global configuration can only be set up by administrators and can therefore be trusted, libraries defined in folder...
Important: Red Hat Security Advisory: RHODF-4.17-RHEL-9 security update
Updated images are now available for RHODF-4.17-RHEL-9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
CVE-2024-7764
Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection against injecting additional SQL commands from user requests. The vulnerability occurs when the generatesql function calls extractsql with the LLM response. An attacker can include a semi-colon between a search data fie...
CVE-2024-7764
Vanna-ai v0.6.2 is vulnerable to SQL Injection due to insufficient protection when generate_sql calls extract_sql on the LLM response. An attacker can insert a semicolon between a data field and their own command, causing extract_sql to remove LLM-generated SQL and execute the attacker’s command ...