Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
weather vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-30715
Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows malicious users to access location information set in Weather without permission.
Samsung Android 11.0
Samsung Android 12.0
Samsung Android 13.0
7.5
CVSSv2
CVE-2018-6012
The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an malicious user to inject arbitrary Python code via the 'Add new weather data source' upload function.
Rainmachine Mini-8 Firmware
NA
CVE-2024-35755
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in El tiempo Weather Widget Pro allows Stored XSS.This issue affects Weather Widget Pro: from n/a up to and including 1.1.40.
2.1
CVSSv2
CVE-2022-28780
Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information.
Google Android 10.0
Google Android 11.0
Google Android 12.0
1.2
CVSSv2
CVE-2004-2473
wmFrog weather monitor 0.1.6 and other versions prior to 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Wmfrog Wmfrog 0.1.6
NA
CVE-2022-35122
An access control issue in Ecowitt GW1100 Series Weather Stations <=GW1100B_v2.1.5 allows unauthenticated malicious users to access sensitive information including device and local WiFi passwords.
Ecowitt Gw1100 Firmware
4.6
CVSSv2
CVE-2022-25815
PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local malicious users to perform unauthorized action without permission via hijacking the PendingIntent.
Google Android 10.0
Google Android 11.0
5
CVSSv2
CVE-2017-16149
zwserver is a weather web server. zwserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Zwserver Project Zwserver
NA
CVE-2024-3108
An implicit intent vulnerability was reported for Motorola’s Time Weather Widget application that could allow a local application to acquire the location of the device without authorization.
5
CVSSv2
CVE-2017-16110
weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Weather.swlyons Project Weather.swlyons 0.1.6
Weather.swlyons Project Weather.swlyons 0.1.1
Weather.swlyons Project Weather.swlyons 0.1.2
Weather.swlyons Project Weather.swlyons 0.1.3
Weather.swlyons Project Weather.swlyons 0.1.4
Weather.swlyons Project Weather.swlyons 0.1.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »