Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
weather vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2018-18880
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script.
Columbiaweather Weather Microserver Firmware Ms 2.6.9900
7.8
CVSSv3
CVE-2022-25815
PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local malicious users to perform unauthorized action without permission via hijacking the PendingIntent.
Google Android 10.0
Google Android 11.0
7.5
CVSSv3
CVE-2017-16149
zwserver is a weather web server. zwserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Zwserver Project Zwserver
5.4
CVSSv3
CVE-2018-18875
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php.
Columbiaweather Weather Microserver Firmware Ms 2.6.9900
5.3
CVSSv3
CVE-2018-18876
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue makes it possible to read any file present on the underlying operating system.
Columbiaweather Weather Microserver Firmware Ms 2.6.9900
7.5
CVSSv3
CVE-2017-16110
weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Weather.swlyons Project Weather.swlyons 0.1.4
Weather.swlyons Project Weather.swlyons 0.1.6
Weather.swlyons Project Weather.swlyons 0.1.1
Weather.swlyons Project Weather.swlyons 0.1.2
Weather.swlyons Project Weather.swlyons 0.1.3
Weather.swlyons Project Weather.swlyons 0.1.5
8.8
CVSSv3
CVE-2018-18879
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php.
Columbiaweather Weather Microserver Firmware Ms 2.6.9900
5.5
CVSSv3
CVE-2021-3720
An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.
Lenovo Legion Phone Pro \\(l79031\\)firmware
Lenovo Legion Phone2 Pro \\(l70081\\) Firmware
NA
CVE-2008-1348
Cross-site scripting (XSS) vulnerability in index.php in the eWebsite eWeather (Weather) module for PHP-Nuke allows remote malicious users to inject arbitrary web script or HTML via the chart parameter to modules.php.
Ewebsite Eweather
1 EDB exploit
8.8
CVSSv3
CVE-2021-24864
The WP Cloudy, weather plugin WordPress plugin prior to 4.4.9 does not escape the post_id parameter before using it in a SQL statement in the admin dashboard, leading to a SQL Injection issue
Wpscan Wp Cloudy
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »