Lucene search
K

113 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-19065

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00232EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25140

Malicious code in bioql PyPI...

9.4CVSS6.5AI score0.00394EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-47079

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmwar...

6.4CVSS5.5AI score0.00186EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/08/19 11:21 p.m.3 views

SUSE CVE-2025-55293

Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...

9.8CVSS6.7AI score0.00394EPSS
Exploits0References3
NVD
NVD
added 2025/08/18 6:15 p.m.7 views

CVE-2025-55293

Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...

9.8CVSS0.00394EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/08/18 5:24 p.m.4 views

CVE-2025-55293 Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB

Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...

9.4CVSS6.7AI score0.00394EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/18 5:24 p.m.10 views

CVE-2025-55293 Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB

Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...

9.4CVSS0.00394EPSS
Exploits0References3
OSV
OSV
added 2025/08/18 5:24 p.m.6 views

CVE-2025-55293 Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB

Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...

9.4CVSS6.6AI score0.00394EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/08/18 12:0 a.m.7 views

PT-2025-33677 · Unknown · Meshtastic

Name of the Vulnerable Software and Affected Versions: Meshtastic versions prior to 2.6.3 Description: Meshtastic is a mesh networking solution. An attacker can send NodeInfo with an empty publicKey to bypass size checks, clearing the existing public key. Subsequently, a new key can be sent and...

9.4CVSS6.9AI score0.00394EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/08/18 12:0 a.m.3 views

Meshtastic 授权问题漏洞

Meshtastic is a decentralized wireless off-grid mesh network LoRa protocol open-sourced by Meshtastic. An authorization issue vulnerability exists in Meshtastic versions prior to 2.6.3, which stems from bypassing public key authentication and could lead to malicious key overwriting...

9.8CVSS6.8AI score0.00394EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/07/13 5:9 p.m.9 views

CVE-2024-47065

Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously...

6.9CVSS6.3AI score0.00242EPSS
Exploits1References1
NVD
NVD
added 2025/07/11 5:15 p.m.10 views

CVE-2024-47065

Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously...

6.9CVSS0.00242EPSS
Exploits1References1
OSV
OSV
added 2025/07/11 5:0 p.m.8 views

CVE-2024-47065 Traceroute_APP responses are not rate-limited.

Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously...

6.9CVSS6.7AI score0.00242EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/07/11 5:0 p.m.12 views

CVE-2024-47065 Traceroute_APP responses are not rate-limited.

Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously...

6.9CVSS0.00242EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/07/11 5:0 p.m.5 views

CVE-2024-47065 Traceroute_APP responses are not rate-limited.

Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously...

6.9CVSS6.3AI score0.00242EPSS
Exploits1References1
CVE
CVE
added 2025/07/11 5:0 p.m.23 views

CVE-2024-47065

CVE-2024-47065 affects Meshtastic before version 2.5.1, where traceroute responses from remote nodes were not rate limited. This allows rapid, repeated responses (approximately 100 samples in ~2 minutes) and can enable a 2:1 reflected DoS, with positional confidentiality concerns highlighted as a...

6.9CVSS7AI score0.00242EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/07/11 12:0 a.m.6 views

Meshtastic 安全漏洞

Meshtastic is a decentralized wireless off-grid mesh network LoRa protocol open-sourced by Meshtastic. A security vulnerability exists in Meshtastic versions prior to 2.5.1 that stems from an unrate-limited traceroute response from a remote node, which could lead to location confidentiality issue...

6.9CVSS6.5AI score0.00242EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/07/11 12:0 a.m.7 views

PT-2025-29265 · Unknown · Meshtastic

Name of the Vulnerable Software and Affected Versions: Meshtastic versions prior to 2.5.1 Description: Meshtastic, an open source mesh networking solution, does not rate limit traceroute responses from remote nodes in versions prior to 2.5.1. This allows an attacker to reliably and continuously...

6.9CVSS6.4AI score0.00242EPSS
Exploits1References6
NVD
NVD
added 2025/07/10 10:15 p.m.6 views

CVE-2025-24798

Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that contains wantresponse==true causes a crash. This can lead to a degradation of service for nodes within range of a malicious sender, or via MQTT if downlink is enabled. This...

6.5CVSS0.00375EPSS
Exploits1References3
NVD
NVD
added 2025/07/10 10:15 p.m.8 views

CVE-2025-53637

Meshtastic is an open source mesh networking solution. The mainmatrix.yml GitHub Action is triggered by the pullrequesttarget event, which has extensive permissions, and can be initiated by an attacker who forked the repository and created a pull request. In the shell code execution part,...

8CVSS0.00328EPSS
Exploits0References2
Rows per page
Query Builder