46 matches found
solaredge - (CSRF-OOB-Injection)
Titles: solaredge - CSRF-OOB-Injection Author: nu11secur1tyAI Date: 2026-04-26 Vendor: SolarEdge Technologies Ltd. Software: SolarEdge Monitoring Platform - Framework /solaredge-web/ Reference: https://monitoring.solaredge.com/ Description: The solaredge-CSRF-Hijack vulnerability arises due to a...
📄 SolarEdge 3.0-2021 Cross Site Request Forgery / Out-Of-Bounds Access
SolarEdge version 3.0-2021 suffers from cross site request forgery and out-of-band injection vulnerabilities. Titles: solaredge-CSRF-OOB-Injection 3.0-2021 web portal Author: nu11secur1ty Date: 2026-04-26 Vendor: SolarEdge Technologies Ltd. Software: SolarEdge Monitoring Platform - Framework...
📄 SolarEdge 3.0-2021 Cross Site Request Forgery / OOB Injection
SolarEdge version 3.0-2021 suffers from a cross site request forgery vulnerability in the /solaredge-web/p/initClient that can lead to a remote command injection vulnerability. Titles: solaredge-CSRF-OOB-Injection 3.0-2021 web portal Author: nu11secur1tyAI Date: 2026-04-26 Vendor: SolarEdge...
CVE-2025-36745
SolarEdge SE3680H ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information...
CVE-2025-36743
SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...
CVE-2025-36744
SolarEdge SE3680H has unauthenticated disclosure of sensitive information during the bootloader loop. While the device repeatedly initializes and waits for boot instructions, the bootloader emits diagnostic output this behavior can leak operating system information...
CVE-2025-36746
SolarEdge monitoring platform contains a Cross‑Site Scripting XSS flaw that allows an authenticated user to inject payloads into report names, which may execute in a victim’s browser during a deletion attempt...
EUVD-2025-203087
SolarEdge monitoring platform contains a Cross‑Site Scripting XSS flaw that allows an authenticated user to inject payloads into report names, which may execute in a victim’s browser during a deletion attempt...
EUVD-2025-203086
SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...
CVE-2025-36745
SolarEdge SE3680H ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information...
CVE-2025-36744
SolarEdge SE3680H has unauthenticated disclosure of sensitive information during the bootloader loop. While the device repeatedly initializes and waits for boot instructions, the bootloader emits diagnostic output this behavior can leak operating system information...
CVE-2025-36746
SolarEdge monitoring platform contains a Cross‑Site Scripting XSS flaw that allows an authenticated user to inject payloads into report names, which may execute in a victim’s browser during a deletion attempt...
CVE-2025-36745
SolarEdge SE3680H ships with an outdated Linux kernel containing unpatched vulnerabilities in core subsystems. An attacker with network or local access can exploit these flaws to achieve remote code execution, privilege escalation, or disclosure of sensitive information...
CVE-2025-36744
SolarEdge SE3680H has unauthenticated disclosure of sensitive information during the bootloader loop. While the device repeatedly initializes and waits for boot instructions, the bootloader emits diagnostic output this behavior can leak operating system information...
CVE-2025-36743
SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...
CVE-2025-36743
SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...
CVE-2025-36746 SolarEdge Monitoring Platform contains a XSS upon report deletion
SolarEdge monitoring platform contains a Cross‑Site Scripting XSS flaw that allows an authenticated user to inject payloads into report names, which may execute in a victim’s browser during a deletion attempt...
CVE-2025-36746 SolarEdge Monitoring Platform contains a XSS upon report deletion
SolarEdge monitoring platform contains a Cross‑Site Scripting XSS flaw that allows an authenticated user to inject payloads into report names, which may execute in a victim’s browser during a deletion attempt...
CVE-2025-36746
SolarEdge Monitoring Platform contains a Cross‑Site Scripting (XSS) flaw that allows an authenticated user to inject payloads into report names, which may execute in a victim’s browser during a deletion attempt. The affected product is the SolarEdge Monitoring Platform; the vulnerability is trigg...
CVE-2025-36743
CVE-2025-36743 concerns the SolarEdge SE3680H inverter, where an exposed debug/test interface is reachable by unauthenticated actors. Redundant exposure could lead to disclosure of internal system information and execution of debug commands, indicating a potential impact on confidentiality, integ...