Every CVE whose affected-product data names Telegram, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (27)
CVE-2019-10044 — CVSS 8.8 (high): Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph…
CVE-2018-20436 — CVSS 8.1 (high): The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed…
CVE-2024-7014 — CVSS 8.1 (high): EvilVideo vulnerability allows sending malicious apps disguised as videos in Telegram for Android application affecting versions 10.14.4…
CVE-2021-31321 — CVSS 7.1 (high): Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the gray_split_cubic…
CVE-2021-31320 — CVSS 7.1 (high): Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the…
CVE-2018-15543 — CVSS 6.8 (medium): An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The FingerprintManager class for Biometric validation…
CVE-2020-12474 — CVSS 6.5 (medium): Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via…
CVE-2018-15542 — CVSS 6.4 (medium): An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The Passcode feature allows authentication bypass via…
CVE-2022-43363 — CVSS 6.1 (medium): Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target Corporation website. NOTE: some third parties have been unable…
CVE-2020-10570 — CVSS 6.1 (medium): The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass…
CVE-2021-30496 — CVSS 5.7 (medium): The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an…
CVE-2021-31315 — CVSS 5.5 (medium): Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the blit function of…
CVE-2021-31317 — CVSS 5.5 (medium): Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the VDasher constructor of…
CVE-2021-31318 — CVSS 5.5 (medium): Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the LOTCompLayerItem::LOTComp…
CVE-2021-31319 — CVSS 5.5 (medium): Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by an Integer Overflow in the LOTGradient::populate…
CVE-2019-16248 — CVSS 5.5 (medium): The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. In other…
CVE-2021-31322 — CVSS 5.5 (medium): Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the…
CVE-2021-31323 — CVSS 5.5 (medium): Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the…
CVE-2018-3986 — CVSS 5.5 (medium): An exploitable information disclosure vulnerability exists in the "Secret Chats" functionality of the Telegram Android messaging…
CVE-2021-27204 — CVSS 5.5 (medium): Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.
CVE-2021-27205 — CVSS 5.5 (medium): Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive…
CVE-2023-26818 — CVSS 5.5 (medium): Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording via the DYLD_INSERT_LIBRARIES flag.
CVE-2019-15514 — CVSS 5.3 (medium): The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is…
CVE-2021-27351 — CVSS 5.3 (medium): The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to…
CVE-2023-34658 — CVSS 5.3 (medium): Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController.
CVE-2021-36769 — CVSS 5.3 (medium): A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An…
CVE-2021-41861 — CVSS 3.3 (low): The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than…