Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
telegram vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2021-40532
Telegram Web K Alpha prior to 0.7.2 mishandles the characters in a document extension.
Telegram Web K Alpha
605
VMScore
CVE-2020-17448
Telegram Desktop up to and including 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension.
Telegram Telegram Desktop
605
VMScore
CVE-2019-10044
Telegram Desktop prior to 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and...
Telegram Telegram
Telegram Telegram Desktop
605
VMScore
CVE-2018-20436
The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web ...
Telegram Web 0.7.0
Telegram Telegram 4.9.1
605
VMScore
CVE-2017-17715
The saveFile method in MediaController.java in the Telegram Messenger application prior to 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak.
Telegram Telegram Messenger
516
VMScore
CVE-2021-31320
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the VGradientCache::generateGradientColorTable function of their custom fork of the rlottie library. A remote attacker might be able to overwrite heap mem...
Telegram Telegram
516
VMScore
CVE-2021-31321
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the gray_split_cubic function of their custom fork of the rlottie library. A remote attacker might be able to overwrite Telegram's stack memory out-o...
Telegram Telegram
446
VMScore
CVE-2019-15514
The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assi...
Telegram Telegram 5.10.0
2 Github repositories
445
VMScore
CVE-2021-36769
A reordering issue exists in Telegram prior to 7.8.1 for Android, Telegram prior to 7.8.3 for iOS, and Telegram Desktop prior to 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent a client.
Telegram Telegram
Telegram Telegram Desktop
445
VMScore
CVE-2021-27351
The Terminate Session feature in the Telegram application up to and including 7.2.1 for Android, and up to and including 2.4.7 for Windows and UNIX, fails to invalidate a recently active session.
Telegram Telegram
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »