113 matches found
EUVD-2025-19065
Malicious code in bioql PyPI...
EUVD-2025-25140
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-47079
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Meshtastic is an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic firmware is an open source firmwar...
SUSE CVE-2025-55293
Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...
CVE-2025-55293
Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...
CVE-2025-55293 Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB
Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...
CVE-2025-55293 Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB
Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...
CVE-2025-55293 Meshtastic allows crafting of specific NodeInfo packets that overwrite any publicKey saved in the NodeDB
Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with a empty publicKey first, then overwrite it with a new key. First sending a empty key bypasses 'if p.publickey.size 0 ', clearing the existing publicKey and resetting the size to 0 for a know...
PT-2025-33677 · Unknown · Meshtastic
Name of the Vulnerable Software and Affected Versions: Meshtastic versions prior to 2.6.3 Description: Meshtastic is a mesh networking solution. An attacker can send NodeInfo with an empty publicKey to bypass size checks, clearing the existing public key. Subsequently, a new key can be sent and...
Meshtastic 授权问题漏洞
Meshtastic is a decentralized wireless off-grid mesh network LoRa protocol open-sourced by Meshtastic. An authorization issue vulnerability exists in Meshtastic versions prior to 2.6.3, which stems from bypassing public key authentication and could lead to malicious key overwriting...
CVE-2024-47065
Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously...
CVE-2024-47065
Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously...
CVE-2024-47065 Traceroute_APP responses are not rate-limited.
Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously...
CVE-2024-47065 Traceroute_APP responses are not rate-limited.
Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously...
CVE-2024-47065 Traceroute_APP responses are not rate-limited.
Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each received transmission, this is a guaranteed way to get a remote station to reliably and continuously...
CVE-2024-47065
CVE-2024-47065 affects Meshtastic before version 2.5.1, where traceroute responses from remote nodes were not rate limited. This allows rapid, repeated responses (approximately 100 samples in ~2 minutes) and can enable a 2:1 reflected DoS, with positional confidentiality concerns highlighted as a...
Meshtastic 安全漏洞
Meshtastic is a decentralized wireless off-grid mesh network LoRa protocol open-sourced by Meshtastic. A security vulnerability exists in Meshtastic versions prior to 2.5.1 that stems from an unrate-limited traceroute response from a remote node, which could lead to location confidentiality issue...
PT-2025-29265 · Unknown · Meshtastic
Name of the Vulnerable Software and Affected Versions: Meshtastic versions prior to 2.5.1 Description: Meshtastic, an open source mesh networking solution, does not rate limit traceroute responses from remote nodes in versions prior to 2.5.1. This allows an attacker to reliably and continuously...
CVE-2025-24798
Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that contains wantresponse==true causes a crash. This can lead to a degradation of service for nodes within range of a malicious sender, or via MQTT if downlink is enabled. This...
CVE-2025-53637
Meshtastic is an open source mesh networking solution. The mainmatrix.yml GitHub Action is triggered by the pullrequesttarget event, which has extensive permissions, and can be initiated by an attacker who forked the repository and created a pull request. In the shell code execution part,...