EUVD-2025-13454

Malicious code in bioql PyPI...

Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers

A Türkiye-affiliated threat actor exploited a zero-day security flaw in an Indian enterprise communication platform called Output Messenger as part of a cyber espionage attack campaign since April 2024. "These exploits have resulted in a collection of related user data from targets in Iraq," the...

CVE-2025-27921

A reflected cross-site scripting XSS vulnerability was discovered in Output Messenger before 2.0.63, where unsanitized input could be injected into the web application’s response. This vulnerability occurs when user-controlled input is reflected back into the browser without proper sanitization o...

CVE-2025-27920

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...

CVE-2025-27921

A reflected cross-site scripting XSS vulnerability was discovered in Output Messenger before 2.0.63, where unsanitized input could be injected into the web application’s response. This vulnerability occurs when user-controlled input is reflected back into the browser without proper sanitization o...

CVE-2025-27921

A reflected cross-site scripting XSS vulnerability was discovered in Output Messenger before 2.0.63, where unsanitized input could be injected into the web application’s response. This vulnerability occurs when user-controlled input is reflected back into the browser without proper sanitization o...

CVE-2025-27920

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...

CVE-2025-27920

Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access...

Output Messenger 安全漏洞

Output Messenger is an enterprise-grade instant messaging and collaboration software from Output Messenger, Inc. that provides secure internal communications, file sharing, screen sharing, and remote desktop control. A security vulnerability exists in Output Messenger versions prior to 2.0.63,...

CVE-2025-27921

CVE-2025-27921 is a reflected XSS in Output Messenger prior to version 2.0.63 where user input is reflected in the web app response. Affected product: Output Messenger (client/web component). Mitigations reported: upgrade to version 2.0.63 or later; no exploitation of this CVE has been observed b...

CVE-2025-27920

CVE-2025-27920 affects Output Messenger prior to version 2.0.63 (Windows) with a directory traversal vulnerability in the Output Messenger Server Manager that allows an authenticated user to use ../../.. sequences in file-path parameters to access files outside the intended directory, potentially...

PT-2025-19715 · Unknown · Output Messenger

Name of the Vulnerable Software and Affected Versions: Output Messenger versions prior to 2.0.63 Description: A reflected cross-site scripting XSS vulnerability was discovered in Output Messenger, where unsanitized input could be injected into the web application’s response. This occurs when...

CVE-2025-27921

A reflected cross-site scripting XSS vulnerability was discovered in Output Messenger before 2.0.63, where unsanitized input could be injected into the web application’s response. This vulnerability occurs when user-controlled input is reflected back into the browser without proper sanitization o...

PT-2025-19714 · Unknown · Output Messenger

Name of the Vulnerable Software and Affected Versions: Output Messenger versions prior to 2.0.63 Description: The issue is related to a directory traversal vulnerability in the Output Messenger Server Manager application. This vulnerability allows remote attackers to access sensitive files outsid...