120 matches found
CVE-2025-65238
Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information...
OpenCode USSD Gateway 安全漏洞
OpenCode USSD Gateway is an OpenCode open source gateway software for processing and managing USSD messages. A security vulnerability exists in OpenCode USSD Gateway, which stems from reflective cross-site scripting and could lead to an attacker executing arbitrary JavaScript in a user's browser...
CVE-2025-65238
OpenCode Systems USSD Gateway OC is affected by CVE-2025-65238. The issue is an incorrect access control in the getSubUsersByProvider function, in OC Release 5 Version 6.13.11, which could allow attackers with low privileges to dump user records and access sensitive information. The available con...
CVE-2025-65237
A reflected cross-site scripted XSS vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload...
PT-2025-48159
A reflected cross-site scripted XSS vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload...
OpenCode USSD Gateway 安全漏洞
OpenCode USSD Gateway is an OpenCode open source gateway software for processing and managing USSD messages. A security vulnerability exists in OpenCode USSD Gateway version 6.13.11, which stems from an SQL injection in the ID parameter of the getSubUsersByProvider function...
CVE-2025-65235
OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function...
PT-2025-48157
OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function...
OpenCode USSD Gateway 安全漏洞
OpenCode USSD Gateway is an OpenCode open source gateway software for processing and managing USSD messages. A security vulnerability exists in OpenCode USSD Gateway that stems from improper access control in the getSubUsersByProvider function, which could allow a low-privileged attacker to dump...
CVE-2025-65235
CVE-2025-65235 affects OpenCode Systems USSD Gateway OC Release: 5, Version 6.13.11, with a SQL injection in the ID parameter of the getSubUsersByProvider function. Connected sources (Red Hat, EU ENISA, NVD/CVE records, CNNVD) corroborate a SQL injection vulnerability in this release. The CVSSv3....
PT-2025-48158
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint...
CVE-2025-65236
CVE-2025-65236 affects OpenCode Systems USSD Gateway OC Release 5. The issue is a SQL injection via the Session ID parameter in the endpoint /occontrolpanel/index.php . CVSS v3.1 base score is 9.8 (CRITICAL) with network attack vector, no user interaction, and no privileges required; impacts incl...
CVE-2025-65239
CVE-2025-65239 affects OpenCode Systems USSD Gateway OC Release:5 (version 6.13.11). The /aux1/ocussd/trace endpoint has incorrect access control, enabling attackers with low privileges to read server logs. Reported CVSSv3.1 base score is 4.3 (MEDIUM), with network access, low privileges required...
EUVD-2020-5033
Malware in sbrugna...
EUVD-2019-3656
Malware in sbrugna...
EUVD-2022-53156
Malicious code in bioql PyPI...
EUVD-2021-31566
Malicious code in bioql PyPI...
EUVD-2022-27901
Malicious code in bioql PyPI...
CVE-2022-44251
TOTOLINK NR1800X V9.1.0u.6279B20210910 contains a command injection via the ussd parameter in the setUssd function...
CVE-2022-22758
When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack. This bug only affects...