Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
weather vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2018-18880
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script.
Columbiaweather Weather Microserver Firmware Ms 2.6.9900
445
VMScore
CVE-2017-16149
zwserver is a weather web server. zwserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Zwserver Project Zwserver
312
VMScore
CVE-2018-18875
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a stored Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script via changestationname.php.
Columbiaweather Weather Microserver Firmware Ms 2.6.9900
445
VMScore
CVE-2018-18876
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue makes it possible to read any file present on the underlying operating system.
Columbiaweather Weather Microserver Firmware Ms 2.6.9900
409
VMScore
CVE-2022-25815
PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local malicious users to perform unauthorized action without permission via hijacking the PendingIntent.
Google Android 10.0
Google Android 11.0
NA
CVE-2024-3108
An implicit intent vulnerability was reported for Motorola’s Time Weather Widget application that could allow a local application to acquire the location of the device without authorization.
445
VMScore
CVE-2017-16110
weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Weather.swlyons Project Weather.swlyons 0.1.4
Weather.swlyons Project Weather.swlyons 0.1.6
Weather.swlyons Project Weather.swlyons 0.1.1
Weather.swlyons Project Weather.swlyons 0.1.2
Weather.swlyons Project Weather.swlyons 0.1.3
Weather.swlyons Project Weather.swlyons 0.1.5
578
VMScore
CVE-2018-18879
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php.
Columbiaweather Weather Microserver Firmware Ms 2.6.9900
187
VMScore
CVE-2021-3720
An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data.
Lenovo Legion Phone Pro \\(l79031\\)firmware
Lenovo Legion Phone2 Pro \\(l70081\\) Firmware
578
VMScore
CVE-2021-24864
The WP Cloudy, weather plugin WordPress plugin prior to 4.4.9 does not escape the post_id parameter before using it in a SQL statement in the admin dashboard, leading to a SQL Injection issue
Wpscan Wp Cloudy
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »