Filtered by vendor Opencode
Subscribe
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-65235 | 1 Opencode | 1 Ussd Gateway | 2026-01-02 | N/A | 9.8 CRITICAL |
| OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function. | |||||
| CVE-2025-65236 | 1 Opencode | 1 Ussd Gateway | 2026-01-02 | N/A | 9.8 CRITICAL |
| OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint. | |||||
| CVE-2025-65237 | 1 Opencode | 1 Ussd Gateway | 2026-01-02 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripted (XSS) vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload. | |||||
| CVE-2025-65238 | 1 Opencode | 1 Ussd Gateway | 2026-01-02 | N/A | 6.5 MEDIUM |
| Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information. | |||||
| CVE-2025-65239 | 1 Opencode | 1 Ussd Gateway | 2025-12-30 | N/A | 4.3 MEDIUM |
| Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs. | |||||