Ussd Gateway CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (6 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-70614	1 Opencode Systems	1 Ussd Gateway	2026-03-06	8.1 High
OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter.
CVE-2025-65235	2 Opencode, Opencode Systems	2 Ussd Gateway, Ussd Gateway	2026-01-02	9.8 Critical
OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function.
CVE-2025-65236	2 Opencode, Opencode Systems	2 Ussd Gateway, Ussd Gateway	2026-01-02	9.8 Critical
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint.
CVE-2025-65237	2 Opencode, Opencode Systems	2 Ussd Gateway, Ussd Gateway	2026-01-02	6.1 Medium
A reflected cross-site scripted (XSS) vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload.
CVE-2025-65238	2 Opencode, Opencode Systems	2 Ussd Gateway, Ussd Gateway	2026-01-02	6.5 Medium
Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information.
CVE-2025-65239	2 Opencode, Opencode Systems	2 Ussd Gateway, Ussd Gateway	2025-12-30	4.3 Medium
Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs.

Page 1 of 1.