35 matches found
EUVD-2025-13280
Malicious code in bioql PyPI...
EUVD-2025-13274
Malicious code in bioql PyPI...
EUVD-2025-13277
Malicious code in bioql PyPI...
CVE-2025-32890
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message...
CVE-2025-32883
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The app there makes it possible to inject any custom message into existing mesh networks with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted...
CVE-2025-32884
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages...
CVE-2025-32888
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The verification token used for sending SMS through a goTenna server is hardcoded in the app...
CVE-2025-32890
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message...
CVE-2025-32888
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The verification token used for sending SMS through a goTenna server is hardcoded in the app...
CVE-2025-32888
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The verification token used for sending SMS through a goTenna server is hardcoded in the app...
CVE-2025-32890
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message...
CVE-2025-32883
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-41722. Reason: This candidate is a reservation duplicate of CVE-2024-41722. Notes: All CVE users should reference CVE-2024-41722. instead of this candidate. All references and descriptions in this candidate have been removed ...
CVE-2025-32884
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages...
CVE-2025-32884
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages...
CVE-2025-32884
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages...
CVE-2025-32890
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message...
CVE-2025-32883
The CVE-2025-32883 entry concerns goTenna Mesh versions 5.5.3 and firmware 1.1.12. A vulnerability allows injection of custom messages into existing mesh networks using a software defined radio, with attacker-supplied GID and Callsign. The issue is exploitable in unencrpyted environments or when ...
CVE-2025-32888
GoTenna Mesh CVE-2025-32888 affects devices running app 5.5.3 with firmware 1.1.12, where the verification token used for sending SMS through a goTenna server is hardcoded in the app. Reported impact indicators show high severity (CVSS v3.1: base score 8.8) with confidentiality, integrity, and av...
CVE-2025-32890
CVE-2025-32890 affects goTenna Mesh devices running app 5.5.3 and firmware 1.1.12. The root cause is a custom encryption implementation without additional integrity checks, making messages malleable and potentially accessible to an attacker who can access the message. The connected documents conf...
CVE-2025-32883
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The app there makes it possible to inject any custom message into existing mesh networks with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted...