Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
weather vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-3769
The OWM Weather WordPress plugin prior to 5.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as contributor
Ujsoftware Owm Weather
NA
CVE-2022-47179
Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weather plugin <= 5.6.11 leads to post duplication as a draft.
Ujsoftware Owm Weather
NA
CVE-2023-4831
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncode Ncep allows SQL Injection.This issue affects Ncep: prior to 20230914 .
Weather Ncode Ncep
6.8
CVSSv2
CVE-2007-5674
Directory traversal vulnerability in index.php in InstaGuide Weather (aka Weather for PHP) 1.0, when magic_quotes_gpc is disabled, allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the PageName parameter.
Instaguide Weather 1.0
1 EDB exploit
NA
CVE-2023-0360
The Location Weather WordPress plugin prior to 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...
Shapedplugin Location Weather
4.3
CVSSv2
CVE-2021-24683
The Weather Effect WordPress plugin prior to 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue.
Awplife Weather Effect
3.5
CVSSv2
CVE-2021-24709
The Weather Effect WordPress plugin prior to 1.3.6 does not properly validate and escape some of its settings (like *_size_leaf, *_flakes_leaf, *_speed) which could lead to Stored Cross-Site Scripting issues
Awplife Weather Effect
5.4
CVSSv2
CVE-2014-6697
The Morocco Weather (aka com.mobilesoft.meteomaroc) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Mobilesoft Morocco Weather 3.1
5
CVSSv2
CVE-2017-9245
The Google News and Weather application prior to 3.3.1 for Android allows remote malicious users to read OAuth tokens by sniffing the network and leveraging the lack of SSL.
Google News And Weather
7.5
CVSSv2
CVE-2007-2044
PHP remote file inclusion vulnerability in mod_weather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote malicious users to execute arbitrary PHP code via a URL in the absolute_path parameter.
Antonis Ventouris Weather Module
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »