CVE-2025-55292

Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC address, rather than their public key. This aspect downgrades the security, specifically by abusing the HAM mode which doesn't use encryption...

PT-2025-52287

Name of the Vulnerable Software and Affected Versions omec-project UPF versions up to 2.1.3-dev Description A denial-of-service issue exists in the UPF component upf-epc/pfcpiface. When the UPF receives a PFCP Association Setup Request lacking the mandatory NodeID Information Element, the...

EUVD-2009-2141

Malware in sbrugna...

EUVD-2020-7701

Malware in sbrugna...

There is no way to recover from error state

Lines of code Vulnerability details Impact There is no way to recover from error state Proof of Concept To address report M-3, in PR, The finishFailedMinipoolByMultisig method removed, while this does not block user from withdraw the fund in the error state in the current implementation. I think...

MinipoolManager.sol : createMinipool does not check the owner of node when overwriting

Lines of code Vulnerability details Impact owner will be deprived from picking the node id which they already used. when natspec says // If nodeID exists, only allow overwriting if node is finished or canceled The pool that are marked as Withdrawable and Error are also used to overwrite the node ...

Malicious user can use previously used nodeID to prevent user(s) from withdrawing minipool funds

Lines of code Vulnerability details In createMinipool, an event is emitted with details of a newly created minipool. This includes relevant information that a subsequent user can utilise to create another minipool.The only condition that prevents a minipool from being created again with the same...

CVE-2022-25302

All versions of package asneg/opcuastack are vulnerable to Denial of Service DoS due to a missing handler for failed casting when unvalidated data is forwarded to boost::get function in OpcUaNodeIdBase.h. Exploiting this vulnerability is possible when sending a specifically crafted OPC UA message...

CVE-2022-25302

All versions of package asneg/opcuastack are vulnerable to Denial of Service DoS due to a missing handler for failed casting when unvalidated data is forwarded to boost::get function in OpcUaNodeIdBase.h. Exploiting this vulnerability is possible when sending a specifically crafted OPC UA message...

CVE-2022-25231

The package node-opcua before 2.74.0 are vulnerable to Denial of Service DoS by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit...

CVE-2022-25302

All versions of package asneg/opcuastack are vulnerable to Denial of Service DoS due to a missing handler for failed casting when unvalidated data is forwarded to boost::get function in OpcUaNodeIdBase.h. Exploiting this vulnerability is possible when sending a specifically crafted OPC UA message...

Denial of Service (DoS)

Overview node-opcua is an implementation of a OPC UA stack fully written in javascript and nodejs Affected versions of this package are vulnerable to Denial of Service DoS by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds t...

rConfig Code Execution Vulnerability

rConfig is an open source network configuration management utility . A code execution vulnerability exists in the search.crud.php script in rConfig version 3.9.5, which can be exploited by a remote attacker to execute arbitrary code on a system with the help of the 'nodeId' parameter...

CVE-2020-15715

rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter...

CVE-2020-15715

rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter...

Code injection

rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter...

CVE-2020-15715

rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter...

CVE-2020-15715

CVE-2020-15715 affects rConfig 3.9.5 and earlier. An authenticated remote attacker can execute arbitrary code due to an error in the search.crud.php script, exploitable via the nodeId parameter. Public sources indicate a fix in a subsequent release (rConfig 3.9.6); successful exploitation yields ...

vBulletin 5.6.1 - 'nodeId' SQL Injection

Exploit Title: vBulletin 5.6.1 - 'nodeId' SQL Injection Date: 2020-05-15 Exploit Author: Photubias Vendor Advisory: 1 https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcementsaa/4440032-vbulletin-5-6-1-security-patch-level-1 Version: vBulletin v5.6.x prior to Patch Level 1...

rConfig Command Injection Vulnerability

rConfig is an open source network configuration management utility . A command injection vulnerability exists in rConfig versions prior to 3.9.5, which stems from the 'nodeId' parameter not being escaped and passed directly to the 'exec' function, which can be exploited to execute arbitrary...