Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
weather vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-5163
The Weather Atlas Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortcode-weather-atlas' shortcode in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...
Weather-atlas Weather Atlas
481
VMScore
CVE-2014-6699
The Weather Channel (aka com.weather.Weather) application 5.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Weather Weather Channel 5.2.0
NA
CVE-2023-25478
Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet Weather Station plugin <= 3.8.12 versions.
Weather Station Project Weather Station
383
VMScore
CVE-2014-4561
The ultimate-weather plugin 1.0 for WordPress has XSS
Ultimate-weather Project Ultimate-weather 1.0
NA
CVE-2023-4944
The Awesome Weather Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'awesome-weather' shortcode in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
Awesome Weather Widget Project Awesome Weather Widget
383
VMScore
CVE-2021-24474
The Awesome Weather Widget WordPress plugin up to and including 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) Vulnerability.
Awesome Weather Widget Project Awesome Weather Widget
445
VMScore
CVE-2017-16184
scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
Scott-blanch-weather-app Project Scott-blanch-weather-app 1.0.0
668
VMScore
CVE-2020-9406
IBL Online Weather prior to 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
Iblsoft Online Weather
383
VMScore
CVE-2020-9405
IBL Online Weather prior to 4.3.5a allows unauthenticated reflected XSS via the redirect page.
Iblsoft Online Weather
445
VMScore
CVE-2020-9407
IBL Online Weather prior to 4.3.5a allows malicious users to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.
Iblsoft Online Weather
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »