Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
18224.3%CRITICAL

Related CVEs

8
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-48931The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities (including rainbow tables) with low computational effort.MEDIUM5.50.3%May 28, 2025
CVE-2025-48930The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues.MEDIUM5.31.8%May 28, 2025
CVE-2025-48929The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date if discovered by an adversary.CRITICAL9.819.9%May 28, 2025
CVE-2025-48928The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.MEDIUM4.0KEV28.5%May 28, 2025
CVE-2025-48927The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.MEDIUM5.3KEV94.0%May 28, 2025
CVE-2025-48926The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers.HIGH7.512.0%May 28, 2025
CVE-2025-48925The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential.HIGH7.514.0%May 28, 2025
CVE-2025-47730The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an authentication token) from the TM SGNL (aka Archive Signal) app with the credentials of logfile for the user and enRR8UVVywXYbFkqU#QDPRkO for the password.HIGH7.524.1%May 8, 2025