Lucene search
+L

120 matches found

Cvelist
Cvelist
added 2025/11/26 12:0 a.m.13 views

CVE-2025-65238

Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information...

0.00299EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/11/26 12:0 a.m.7 views

OpenCode USSD Gateway 安全漏洞

OpenCode USSD Gateway is an OpenCode open source gateway software for processing and managing USSD messages. A security vulnerability exists in OpenCode USSD Gateway, which stems from reflective cross-site scripting and could lead to an attacker executing arbitrary JavaScript in a user's browser...

6.1CVSS6AI score0.00235EPSS
Exploits1References4
CVE
CVE
added 2025/11/26 12:0 a.m.17 views

CVE-2025-65238

OpenCode Systems USSD Gateway OC is affected by CVE-2025-65238. The issue is an incorrect access control in the getSubUsersByProvider function, in OC Release 5 Version 6.13.11, which could allow attackers with low privileges to dump user records and access sensitive information. The available con...

6.5CVSS6.4AI score0.00299EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/26 12:0 a.m.4 views

CVE-2025-65237

A reflected cross-site scripted XSS vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload...

6.1AI score0.00235EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.10 views

PT-2025-48159

A reflected cross-site scripted XSS vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload...

6.6AI score0.00235EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/11/26 12:0 a.m.9 views

OpenCode USSD Gateway 安全漏洞

OpenCode USSD Gateway is an OpenCode open source gateway software for processing and managing USSD messages. A security vulnerability exists in OpenCode USSD Gateway version 6.13.11, which stems from an SQL injection in the ID parameter of the getSubUsersByProvider function...

9.8CVSS7.9AI score0.00401EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/11/26 12:0 a.m.2 views

CVE-2025-65235

OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function...

8AI score0.00401EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.7 views

PT-2025-48157

OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function...

8.4AI score0.00401EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/11/26 12:0 a.m.6 views

OpenCode USSD Gateway 安全漏洞

OpenCode USSD Gateway is an OpenCode open source gateway software for processing and managing USSD messages. A security vulnerability exists in OpenCode USSD Gateway that stems from improper access control in the getSubUsersByProvider function, which could allow a low-privileged attacker to dump...

6.5CVSS6.5AI score0.00299EPSS
Exploits1References4
CVE
CVE
added 2025/11/26 12:0 a.m.17 views

CVE-2025-65235

CVE-2025-65235 affects OpenCode Systems USSD Gateway OC Release: 5, Version 6.13.11, with a SQL injection in the ID parameter of the getSubUsersByProvider function. Connected sources (Red Hat, EU ENISA, NVD/CVE records, CNNVD) corroborate a SQL injection vulnerability in this release. The CVSSv3....

9.8CVSS8AI score0.00401EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/26 12:0 a.m.8 views

PT-2025-48158

OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint...

8.4AI score0.00401EPSS
Exploits1References4
CVE
CVE
added 2025/11/26 12:0 a.m.17 views

CVE-2025-65236

CVE-2025-65236 affects OpenCode Systems USSD Gateway OC Release 5. The issue is a SQL injection via the Session ID parameter in the endpoint /occontrolpanel/index.php . CVSS v3.1 base score is 9.8 (CRITICAL) with network attack vector, no user interaction, and no privileges required; impacts incl...

9.8CVSS8AI score0.00401EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2025/11/26 12:0 a.m.20 views

CVE-2025-65239

CVE-2025-65239 affects OpenCode Systems USSD Gateway OC Release:5 (version 6.13.11). The /aux1/ocussd/trace endpoint has incorrect access control, enabling attackers with low privileges to read server logs. Reported CVSSv3.1 base score is 4.3 (MEDIUM), with network access, low privileges required...

4.3CVSS6.4AI score0.00256EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-5033

Malware in sbrugna...

7.5CVSS7.5AI score0.00428EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-3656

Malware in sbrugna...

6.6CVSS6.6AI score0.01147EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-53156

Malicious code in bioql PyPI...

9.1CVSS9.2AI score0.0062EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-31566

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.00553EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-27901

Malicious code in bioql PyPI...

8.8CVSS9AI score0.00364EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 12:5 a.m.8 views

CVE-2022-44251

TOTOLINK NR1800X V9.1.0u.6279B20210910 contains a command injection via the ussd parameter in the setUssd function...

9.8CVSS7.5AI score0.0181EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:50 p.m.7 views

CVE-2022-22758

When clicking on a tel: link, USSD codes, specified after a \ character, would be included in the phone number. On certain phones, or on certain carriers, if the number was dialed this could perform actions on a user's account, similar to a cross-site request forgery attack. This bug only affects...

8.8CVSS6.1AI score0.00364EPSS
Exploits0References1
Rows per page
Query Builder