CVE-2025-70614
- EPSS 0.03%
- Veröffentlicht 05.03.2026 00:00:00
- Zuletzt bearbeitet 06.03.2026 10:16:21
OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted com...
CVE-2025-65239
- EPSS 0.04%
- Veröffentlicht 26.11.2025 00:00:00
- Zuletzt bearbeitet 30.12.2025 15:57:07
Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs.
CVE-2025-65238
- EPSS 0.04%
- Veröffentlicht 26.11.2025 00:00:00
- Zuletzt bearbeitet 02.01.2026 20:46:04
Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information.
CVE-2025-65235
- EPSS 0.05%
- Veröffentlicht 26.11.2025 00:00:00
- Zuletzt bearbeitet 02.01.2026 20:47:48
OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function.
CVE-2025-65237
- EPSS 0.05%
- Veröffentlicht 26.11.2025 00:00:00
- Zuletzt bearbeitet 02.01.2026 20:46:26
A reflected cross-site scripted (XSS) vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload.
CVE-2025-65236
- EPSS 0.05%
- Veröffentlicht 26.11.2025 00:00:00
- Zuletzt bearbeitet 02.01.2026 20:47:26
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint.