Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
16021.7%CRITICAL

Related CVEs

6
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-70614OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter.HIGH8.117.4%Mar 5, 2026
CVE-2025-65239Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs.MEDIUM4.316.3%Nov 26, 2025
CVE-2025-65238Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information.MEDIUM6.520.9%Nov 26, 2025
CVE-2025-65237A reflected cross-site scripted (XSS) vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload.MEDIUM6.113.7%Nov 26, 2025
CVE-2025-65236OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint.CRITICAL9.831.1%Nov 26, 2025
CVE-2025-65235OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function.CRITICAL9.831.1%Nov 26, 2025