Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
weather vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2021-24683
The Weather Effect WordPress plugin prior to 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue.
Awplife Weather Effect
685
VMScore
CVE-2007-5674
Directory traversal vulnerability in index.php in InstaGuide Weather (aka Weather for PHP) 1.0, when magic_quotes_gpc is disabled, allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the PageName parameter.
Instaguide Weather 1.0
1 EDB exploit
383
VMScore
CVE-2020-9405
IBL Online Weather prior to 4.3.5a allows unauthenticated reflected XSS via the redirect page.
Iblsoft Online Weather
668
VMScore
CVE-2020-9406
IBL Online Weather prior to 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
Iblsoft Online Weather
312
VMScore
CVE-2021-24709
The Weather Effect WordPress plugin prior to 1.3.6 does not properly validate and escape some of its settings (like *_size_leaf, *_flakes_leaf, *_speed) which could lead to Stored Cross-Site Scripting issues
Awplife Weather Effect
NA
CVE-2023-4831
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncode Ncep allows SQL Injection.This issue affects Ncep: prior to 20230914 .
Weather Ncode Ncep
NA
CVE-2022-3769
The OWM Weather WordPress plugin prior to 5.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as contributor
Ujsoftware Owm Weather
445
VMScore
CVE-2017-9245
The Google News and Weather application prior to 3.3.1 for Android allows remote malicious users to read OAuth tokens by sniffing the network and leveraging the lack of SSL.
Google News And Weather
481
VMScore
CVE-2014-6697
The Morocco Weather (aka com.mobilesoft.meteomaroc) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Mobilesoft Morocco Weather 3.1
755
VMScore
CVE-2007-2044
PHP remote file inclusion vulnerability in mod_weather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote malicious users to execute arbitrary PHP code via a URL in the absolute_path parameter.
Antonis Ventouris Weather Module
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »