Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

49 matches found

CVE
CVEadded 2025/05/28 12:0 a.m.45 views

CVE-2025-48931

The CVE-2025-48931 entry concerns TeleMessage service passwords hashed with MD5 (through 2025-05-05). Root cause: MD5-based password hashing enabling rainbow-table and related attacks with low computational effort. Impact is implied as password-cryptography weakness; no explicit exploited vector ...

5.5CVSS7.4AI score0.00032EPSS
Exploits0References1Affected Software1
CVE
CVEadded 2025/05/28 12:0 a.m.167 views

CVE-2025-48928

CVE-2025-48928 affects the TeleMessage service (TeleMessage TM SGNL) running a JSP-based application up to 2025-05-05. The issue is that heap content can resemble a core dump, exposing passwords previously sent over HTTP within that dump. Exploitation was observed in the wild in May 2025. Public ...

4CVSS7.2AI score0.08289EPSS
In wildExploits0References2Affected Software1
Cvelist
Cvelistadded 2025/05/28 12:0 a.m.8 views

CVE-2025-48928

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025...

4CVSS0.08289EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2025/05/28 12:0 a.m.5 views

CVE-2025-48929

The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential e.g., not a token with a short expiration time that can be reused at a later date if discovered by an adversary...

4CVSS6.7AI score0.00126EPSS
Exploits0References1
Cvelist
Cvelistadded 2025/05/28 12:0 a.m.8 views

CVE-2025-48925

The TeleMessage service through 2025-05-05 relies on the client side e.g., the TM SGNL app to do MD5 hashing, and then accepts the hash as the authentication credential...

4.3CVSS0.00117EPSS
Exploits0References1
Cvelist
Cvelistadded 2025/05/28 12:0 a.m.8 views

CVE-2025-48929

The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential e.g., not a token with a short expiration time that can be reused at a later date if discovered by an adversary...

4CVSS0.00126EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2025/05/28 12:0 a.m.5 views

CVE-2025-48925

The TeleMessage service through 2025-05-05 relies on the client side e.g., the TM SGNL app to do MD5 hashing, and then accepts the hash as the authentication credential...

4.3CVSS6.7AI score0.00117EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/05/28 12:0 a.m.1 views

PT-2025-23113 · Unknown · Telemessage

Name of the Vulnerable Software and Affected Versions: TeleMessage service through 2025-05-05 Description: The issue concerns the storage of certain cleartext information in memory by the TeleMessage service. This information may be accessible to an adversary through various means. There have bee...

2.8CVSS6.1AI score0.00073EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2025/05/28 12:0 a.m.9 views

CVE-2025-48927

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025...

5.3CVSS5.4AI score0.09466EPSS
Exploits0References1
Rows per page
Query Builder