2878 matches found
Ozeki 10 SMS Gateway 10.3.208 - Arbitrary File Read
An arbitrary file read vulnerability, also known as a "path traversal" or "directory traversal" vulnerability, occurs when an attacker is able to access files on a system that they shouldn't have access to. This vulnerability arises from improper input validation or insufficient access controls i...
CVE-2026-11387 SMS Alert <= 3.9.5 - Unauthenticated Privilege Escalation via Arbitrary Password Reset
The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.9.5. This is due to the plugin not properly validating a user's identity prior to updati...
EUVD-2026-40922
The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.9.5. This is due to the plugin not properly validating a user's identity prior to updati...
Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials
The Security Service of Ukraine SSU said it, together with the U.S. Federal Bureau of Investigation FBI, uncovered a long-running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military personnel, politicians, and activists in...
OPENSUSE-SU-2026:21154-1 Security update for ofono
This update for ofono fixes the following issues: Changes in ofono: - Reference the tracking bugs for the SMS/STK/USSD decoder security fixes applied upstream across the 2.14-2.17 updates: SMS decoder stack buffer overflows: CVE-2023-2794 boo1218292, CVE-2023-4232 boo1218293, CVE-2023-4233...
EUVD-2026-37639
Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...
EUVD-2026-37638
Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...
EUVD-2025-210213
In multiple functions of btmsec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2026-54803
Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...
CVE-2026-54803 WordPress SMS Alert Order Notifications plugin <= 3.9.4 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...
CVE-2026-54802 WordPress SMS Alert Order Notifications plugin <= 3.9.3 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...
CVE-2026-54802
CVE-2026-54802 affects the WordPress plugin “SMS Alert Order Notifications” (versions
CVE-2026-28587
CVE-2026-28587 affects the MmsSmsProvider component (MmsSmsProvider.java), enabling local information disclosure via a missing permission check. Exploitation requires no user interaction and does not require additional privileges; impact is confined to information disclosure. The vulnerability is...
New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds
Security researchers at Zimperium's zLabs have documented a new Android banking trojan, Rokarolla , that targets 217 banking and cryptocurrency apps and packs 137 remote commands. Together, they give an operator near-total control of an infected phone: it lifts lock-screen PINs, reads and sends...
EUVD-2026-36993
Subscriber Sensitive Data Exposure in WP SMS = 7.2.1 versions...
CVE-2026-40790
Subscriber Sensitive Data Exposure in WP SMS = 7.2.1 versions...
CVE-2026-40790 WordPress WP SMS plugin <= 7.2.1 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in WP SMS = 7.2.1 versions...
CVE-2026-40790
The CVE-2026-40790 entry concerns the WordPress WP SMS plugin, versions ≤ 7.2.1, with a Subscriber Sensitive Data Exposure vulnerability. The connected data specify a network-accessible issue with low attacker privileges, no user interaction, and high confidentiality impact (CVSS v3.1 base 6.5, M...
CVE-2026-40790 WordPress WP SMS plugin <= 7.2.1 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in WP SMS = 7.2.1 versions...
PT-2026-49428
Subscriber Sensitive Data Exposure in WP SMS = 7.2.1 versions...