Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
weather vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-4831
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncode Ncep allows SQL Injection.This issue affects Ncep: prior to 20230914 .
Weather Ncode Ncep
9.8
CVSSv3
CVE-2020-9406
IBL Online Weather prior to 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
Iblsoft Online Weather
9.8
CVSSv3
CVE-2018-6012
The 'Weather Service' feature of the Green Electronics RainMachine Mini-8 (2nd generation) allows an malicious user to inject arbitrary Python code via the 'Add new weather data source' upload function.
Rainmachine Mini-8 Firmware
9.1
CVSSv3
CVE-2022-35122
An access control issue in Ecowitt GW1100 Series Weather Stations <=GW1100B_v2.1.5 allows unauthenticated malicious users to access sensitive information including device and local WiFi passwords.
Ecowitt Gw1100 Firmware
8.8
CVSSv3
CVE-2023-25478
Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet Weather Station plugin <= 3.8.12 versions.
Weather Station Project Weather Station
8.8
CVSSv3
CVE-2022-3769
The OWM Weather WordPress plugin prior to 5.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as contributor
Ujsoftware Owm Weather
8.8
CVSSv3
CVE-2021-24864
The WP Cloudy, weather plugin WordPress plugin prior to 4.4.9 does not escape the post_id parameter before using it in a SQL statement in the admin dashboard, leading to a SQL Injection issue
Wpscan Wp Cloudy
8.8
CVSSv3
CVE-2021-43844
MSEdgeRedirect is a tool to redirect news, search, widgets, weather, and more to a user's default browser. MSEdgeRedirect versions prior to 0.5.0.1 are vulnerable to Remote Code Execution via specifically crafted URLs. This vulnerability requires user interaction and the acc...
Msedgeredirect Project Msedgeredirect
8.8
CVSSv3
CVE-2018-18877
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device.
Columbiaweather Weather Microserver Firmware Ms 2.6.9900
8.8
CVSSv3
CVE-2018-18879
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php.
Columbiaweather Weather Microserver Firmware Ms 2.6.9900
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »