4 matches found
CVE-2025-55292
Meshtastic is an open-source mesh networking solution. In the current Meshtastic architecture, a Node is identified by its NodeID, generated from the MAC address, rather than its public key. This aspect downgrades the security, specifically by abusing the HAM mode which doesn't use encryption...
PT-2026-5035
Name of the Vulnerable Software and Affected Versions: Meshtastic versions prior to 2.7.6.834c3c5. Description: Meshtastic is a mesh networking solution where nodes are identified by their NodeID, derived from the MAC address, rather than their public key. This design flaw allows an attacker to forg...
U.S. Dept Of Defense: XSS via Client Side Template Injection on www.███/News/Speeches
Dear DoD - Team, I am able to execute JavaScript code on www.███████/News/Speeches. This endpoint has a search functionality with the parameter Search. The supplied value to this parameter gets embedded into the website. Furthermore, the frontend of the website is presumably created with a templat...
Sola Support Ticket <= 3.12 - XSS & Configuration Change
Any logged-in user with any role and access to wp-admin in any way can update plugin settings, including allowing HTML to be parsed. One can also change any notification messages to include JS which then can be used to obtain information by forgery. PoC: Make POST request to /wp-admin with paramete...