Lucene search
K

100 matches found

Vulnrichment
Vulnrichment
added 2025/05/28 12:0 a.m.6 views

CVE-2025-48926

The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers...

4.3CVSS6.4AI score0.00216EPSS
Exploits0References1
CVE
CVE
added 2025/05/28 12:0 a.m.51 views

CVE-2025-48931

The CVE-2025-48931 entry concerns TeleMessage service passwords hashed with MD5 (through 2025-05-05). Root cause: MD5-based password hashing enabling rainbow-table and related attacks with low computational effort. Impact is implied as password-cryptography weakness; no explicit exploited vector ...

5.5CVSS7.4AI score0.00081EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/05/28 12:0 a.m.25 views

CVE-2025-48926

The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers...

4.3CVSS0.00216EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/05/28 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-48927

TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator is configured with an exposed heap dump endpoint at a /heapdump URI...

5.3CVSS5.8AI score0.07857EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/28 12:0 a.m.9 views

CVE-2025-48931

The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities including rainbow tables with low computational effort...

3.2CVSS0.00081EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/28 12:0 a.m.4 views

TeleMessage 安全漏洞

TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier, which stems from storing plaintext messages in memory, which could lead to message disclosure...

5.3CVSS6.6AI score0.00115EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/05/28 12:0 a.m.11 views

CVE-2025-48930

The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues...

2.8CVSS0.00115EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/28 12:0 a.m.10 views

TeleMessage 安全漏洞

TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier that stems from relying on the client to perform MD5 hashing and accept the hash as authentication credentials...

7.5CVSS6.9AI score0.00233EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/05/28 12:0 a.m.13 views

CVE-2025-48929

The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential e.g., not a token with a short expiration time that can be reused at a later date if discovered by an adversary...

4CVSS0.00282EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/28 12:0 a.m.5 views

CVE-2025-48928

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025...

4CVSS7AI score0.00366EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/28 12:0 a.m.13 views

TeleMessage 安全漏洞

TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier, which stems from exposing a heap dump endpoint when configuring Spring Boot Actuator...

5.3CVSS8.3AI score0.07857EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/05/28 12:0 a.m.8 views

CVE-2025-48927

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

5.3CVSS7.2AI score0.07857EPSS
In wildExploits0References2
CNNVD
CNNVD
added 2025/05/28 12:0 a.m.5 views

TeleMessage 安全漏洞

TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier, which stems from the use of long-validated credentials for authentication, which could lead to reuse of credentials...

9.8CVSS6.7AI score0.00282EPSS
Exploits0References3
HackRead
HackRead
added 2025/05/19 7:11 p.m.17 views

DDoSecrets Adds 410GB of TeleMessage Breach Data to Index

DDoSecrets indexes 410GB of breached TeleMessage data, including messages and metadata, from hack tied to unsecured Signal clone used by US government officials...

7.3AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2025/05/18 11:0 a.m.17 views

How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes

The company behind the Signal clone used by at least one Trump administration official was breached earlier this month. The hacker says they got in thanks to a basic misconfiguration...

7.2AI score
Exploits0
HackRead
HackRead
added 2025/05/13 8:35 p.m.6 views

CISA Adds TeleMessage Vulnerability to KEV List Following Breach

CISA adds TeleMessage flaw to KEV list, urges agencies to act within 3 weeks after a breach exposed…...

7.2AI score
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 2025/05/12 12:0 a.m.20 views

TeleMessage TM SGNL Hidden Functionality Vulnerability

TeleMessage TM SGNL contains a hidden functionality vulnerability in which the archiving backend holds cleartext copies of messages from TM SGNL application users...

4.9CVSS6.8AI score0.00394EPSS
In wildExploits0
RedhatCVE
RedhatCVE
added 2025/05/10 12:21 a.m.35 views

CVE-2025-47729

The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL aka Archive Signal app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation, as...

4.9CVSS6.9AI score0.00394EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/10 12:20 a.m.18 views

CVE-2025-47730

The TeleMessage archiving backend through 2025-05-05 accepts API calls to request an authentication token from the TM SGNL aka Archive Signal app with the credentials of logfile for the user and enRR8UVVywXYbFkqUQDPRkO for the password...

4.8CVSS7.3AI score0.00323EPSS
Exploits0References1
NVD
NVD
added 2025/05/08 2:15 p.m.39 views

CVE-2025-47730

The TeleMessage archiving backend through 2025-05-05 accepts API calls to request an authentication token from the TM SGNL aka Archive Signal app with the credentials of logfile for the user and enRR8UVVywXYbFkqUQDPRkO for the password...

7.5CVSS0.00323EPSS
Exploits0References4
Rows per page
Query Builder