Lucene search
K

6 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-25140

Malicious code in bioql PyPI...

9.4CVSS6.5AI score0.00398EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/20 5:33 p.m.7 views

CVE-2025-55293

Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...

9.4CVSS5.9AI score0.00398EPSS
Exploits0References1
NVD
NVD
added 2025/08/18 6:15 p.m.4 views

CVE-2025-55293

Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...

9.8CVSS0.00398EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/18 5:24 p.m.9 views

CVE-2025-55293 Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB

Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...

9.4CVSS0.00398EPSS
Exploits0References3
CVE
CVE
added 2025/08/18 5:24 p.m.27 views

CVE-2025-55293

Meshtastic (vulnerable before 2.6.3) allows crafting NodeInfo packets to overwrite a known node’s publicKey in NodeDB. Attack flow: first send NodeInfo with an empty publicKey to bypass size checks (clears existing key), then send a new key that gets stored. Root cause is improper handling of emp...

9.8CVSS6.2AI score0.00398EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/08/18 5:24 p.m.6 views

CVE-2025-55293 Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB

Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...

9.4CVSS6.6AI score0.00398EPSS
Exploits0References5
Rows per page
Query Builder