Vincent Salvadori

#10406of 53,633
26.6Total CVSS
Vulnerabilities · 4
Medium
3
Critical
1
PT-2025-38506
5.4
2025-09-19
Smseagle · Smseagle · CVE-2025-59715
**Name of the Vulnerable Software and Affected Versions** SMSEagle versions prior to 6.11 **Description** SMSEagle is susceptible to a reflected cross-site scripting (XSS) issue. The vulnerability occurs through manipulation of a `username` or contact `phone number`. **Recommendations** Update to version 6.11 or later.
PT-2025-36721
5.3
2025-09-09
Smseagle · Smseagle · CVE-2025-10095
Name of the Vulnerable Software and Affected Versions: SMSEagle versions prior to 6.11 Description: A SQL injection vulnerability exists in the SMPP server component of the SMSEagle firmware. The issue stems from improper sanitization of user input in the server's scripts during database interactions. This vulnerability is isolated to the SMPP server and its dedicated database, limiting the scope of impact to SMPP server operations. Recommendations: Update to version 6.11 or later.
PT-2024-27518
6.1
2024-08-23
Smseagle · Smseagle · CVE-2024-37392
**Name of the Vulnerable Software and Affected Versions** SMSEagle versions prior to 6.0 **Description** A stored Cross-Site Scripting (XSS) issue has been identified. The application did not properly sanitize user input in SMS messages in the inbox, allowing an attacker to inject malicious JavaScript code into an SMS message. This code gets executed when the SMS is viewed and specially interacted with in the web-GUI. **Recommendations** For versions prior to 6.0, update to version 6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the inbox feature in the web-GUI to minimize the risk of exploitation.
PT-2023-16501
9.8
2023-04-06
Unknown · Yellobrik Pec-1864 · CVE-2023-0750
**Name of the Vulnerable Software and Affected Versions** Yellobrik PEC-1864 (affected versions not specified) **Description** The Yellobrik PEC-1864 device implements authentication checks via JavaScript in the frontend interface. When the device can be accessed over the network, an attacker could bypass authentication. This would allow an attacker to change the password, resulting in a denial of service for the users, change the streaming source, compromising the integrity of the stream, and change the streaming destination, compromising the confidentiality of the stream. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.