EUVD-2025-209243

An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A Stack-based Buffer Overflow occurs while parsing SMS RP-DA...

CVE-2026-1625

A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument actionvalue results in command injection. The attack may be initiated remotely. The...

EUVD-2026-4938

A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument actionvalue results in command injection. The attack may be initiated remotely. The...

CVE-2026-1625

A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument actionvalue results in command injection. The attack may be initiated remotely. The...

CVE-2026-1625 D-Link DWR-M961 SMS Message formSmsManage sub_4250E0 command injection

A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument actionvalue results in command injection. The attack may be initiated remotely. The...

EUVD-2011-4616

Malware in sbrugna...

CVE-2023-47610

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion EHS5/6/8 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message...

CVE-2021-39739

In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID:...

CVE-2018-15661

An issue was discovered in the Ola Money aka com.olacabs.olamoney application 1.9.0 for Android. If an attacker controls an application with accessibility permissions and the ability to read SMS messages, then the Forgot Password screen can be used to bypass authentication. NOTE: the vendor does...

UBUNTU-CVE-2024-7547

oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

SUSE CVE-2011-1091

libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 through 2.7.10 allows 1 remote authenticated users to cause a denial of service NULL pointer dereference and application crash via a malformed YMSG notification packet, and allows 2 remote Yahoo! servers to cause a denial of...

Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware

A week after it emerged that a sophisticated mobile spyware dubbed Hermit was used by the government of Kazakhstan within its borders, Google said it has notified Android users of infected devices. Additionally, necessary changes have been implemented in Google Play Protect — Android's built-in...

Huawei EulerOS: Security Advisory for python-rtslib (EulerOS-SA-2021-2164)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-16256

Some Samsung devices include the SIMalliance Toolbox Browser aka S@T Browser on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit STK instructions in an SMS message, aka Simjacker...

Design/Logic Flaw

Some Motorola devices include the SIMalliance Toolbox Browser aka S@T Browser on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit STK instructions in an SMS message, aka Simjacker...

CVE-2019-16257

Some Motorola devices include the SIMalliance Toolbox Browser aka S@T Browser on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit STK instructions in an SMS message, aka Simjacker...

CVE-2019-16256

Some Samsung devices include the SIMalliance Toolbox Browser aka S@T Browser on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit STK instructions in an SMS message, aka Simjacker. Recent...

CVE-2015-7287

CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use the same 001984 default PIN across different customers' installations, which allows remote attackers to execute commands by leveraging knowledge of this PIN and including it in an SMS message...

Command injection

CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 allow remote attackers to modify the configuration via a command in an SMS message, as demonstrated by a "4 2" command...

Design/Logic Flaw

CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use the same 001984 default PIN across different customers' installations, which allows remote attackers to execute commands by leveraging knowledge of this PIN and including it in an SMS message...