Lucene search
K

2875 matches found

Cvelist
Cvelist
added yesterday14 views

CVE-2026-11387 SMS Alert <= 3.9.5 - Unauthenticated Privilege Escalation via Arbitrary Password Reset

The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.9.5. This is due to the plugin not properly validating a user's identity prior to updati...

9.8CVSS0.0038EPSS
Exploits0References8
EUVD
EUVD
added yesterday6 views

EUVD-2026-40922

The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.9.5. This is due to the plugin not properly validating a user's identity prior to updati...

9.8CVSS5.9AI score0.0038EPSS
Exploits0References8
Nuclei
Nuclei
added yesterday13 views

Ozeki 10 SMS Gateway 10.3.208 - Arbitrary File Read

An arbitrary file read vulnerability, also known as a "path traversal" or "directory traversal" vulnerability, occurs when an attacker is able to access files on a system that they shouldn't have access to. This vulnerability arises from improper input validation or insufficient access controls i...

8.7CVSS7.5AI score0.02004EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in ofono

A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug was triggered within the decodesubmitreport function during SMS decoding. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, or simply through...

8.1CVSS7.1AI score0.01139EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in ofono

A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug occurs within the decodedeliver function during SMS decoding. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, or simply through SMS. There i...

8.1CVSS7.1AI score0.0124EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in ofono

A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug was triggered within the decodedeliverreport function during SMS decoding. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, or simply through...

8.1CVSS7.2AI score0.00936EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in ofono

oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...

7.8CVSS7.5AI score0.0025EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.7 views

EUVD-2026-37639

Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...

9.8CVSS5.2AI score0.0045EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37638

Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...

7.5CVSS5.2AI score0.00381EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.7 views

EUVD-2025-210213

In multiple functions of btmsec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

4.3CVSS5.7AI score0.00191EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-54803

Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...

9.8CVSS0.0045EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:51 a.m.28 views

CVE-2026-54803 WordPress SMS Alert Order Notifications plugin <= 3.9.4 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...

9.8CVSS0.0045EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:51 a.m.27 views

CVE-2026-54802 WordPress SMS Alert Order Notifications plugin <= 3.9.3 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...

7.5CVSS0.00381EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:51 a.m.15 views

CVE-2026-54802

CVE-2026-54802 affects the WordPress plugin “SMS Alert Order Notifications” (versions

7.5CVSS5.2AI score0.00381EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 7:21 a.m.11 views

CVE-2026-28587

CVE-2026-28587 affects the MmsSmsProvider component (MmsSmsProvider.java), enabling local information disclosure via a missing permission check. Exploitation requires no user interaction and does not require additional privileges; impact is confined to information disclosure. The vulnerability is...

10CVSS5.5AI score0.00115EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2026/06/16 1:10 p.m.21 views

New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds

Security researchers at Zimperium's zLabs have documented a new Android banking trojan, Rokarolla , that targets 217 banking and cryptocurrency apps and packs 137 remote commands. Together, they give an operator near-total control of an infected phone: it lifts lock-screen PINs, reads and sends...

5.7AI score
Exploits0
EUVD
EUVD
added 2026/06/15 9:30 p.m.7 views

EUVD-2026-36993

Subscriber Sensitive Data Exposure in WP SMS = 7.2.1 versions...

6.5CVSS5.2AI score0.00326EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.5 views

CVE-2026-40790

Subscriber Sensitive Data Exposure in WP SMS = 7.2.1 versions...

6.5CVSS0.00326EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.25 views

CVE-2026-40790 WordPress WP SMS plugin <= 7.2.1 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in WP SMS = 7.2.1 versions...

6.5CVSS0.00326EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.8 views

CVE-2026-40790

The CVE-2026-40790 entry concerns the WordPress WP SMS plugin, versions ≤ 7.2.1, with a Subscriber Sensitive Data Exposure vulnerability. The connected data specify a network-accessible issue with low attacker privileges, no user interaction, and high confidentiality impact (CVSS v3.1 base 6.5, M...

6.5CVSS5.2AI score0.00326EPSS
Exploits0References1
Rows per page
Query Builder