Lucene search
K

732 matches found

CVE
CVE
added 2025/07/04 11:18 a.m.17 views

CVE-2025-28980

CVE-2025-28980 is a path traversal vulnerability in the WordPress plugin “Aviation Weather from NOAA” (versions

7.7CVSS5.9AI score0.00392EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/04 12:0 a.m.4 views

WordPress plugin Aviation Weather from NOAA 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A path traversal vulnerability exis...

7.7CVSS6.6AI score0.00392EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/04 12:0 a.m.2 views

PT-2025-27904 · Noaa · Aviation Weather

Name of the Vulnerable Software and Affected Versions: Aviation Weather from NOAA versions 0.7.2 and earlier Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal in the affected software...

7.7CVSS5.9AI score0.00392EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/06/29 12:6 p.m.5 views

CVE-2025-52809

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in John Russell National Weather Service Alerts national-weather-service-alerts allows PHP Local File Inclusion.This issue affects National Weather Service Alerts: from n/a through ...

8.1CVSS5.9AI score0.00397EPSS
Exploits0References1
NVD
NVD
added 2025/06/27 12:15 p.m.4 views

CVE-2025-52809

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in John Russell National Weather Service Alerts national-weather-service-alerts allows PHP Local File Inclusion.This issue affects National Weather Service Alerts: from n/a through ...

8.1CVSS0.00397EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/27 11:52 a.m.13 views

CVE-2025-52809 WordPress National Weather Service Alerts plugin <= 1.3.5 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in John Russell National Weather Service Alerts national-weather-service-alerts allows PHP Local File Inclusion.This issue affects National Weather Service Alerts: from n/a through ...

8.1CVSS0.00397EPSS
Exploits0References1
CVE
CVE
added 2025/06/27 11:52 a.m.14 views

CVE-2025-52809

CVE-2025-52809 describes an unauthenticated Local File Inclusion in the WordPress plugin National Weather Service Alerts (versions ≤ 1.3.5). The vulnerability arises from Improper Control of Filename for Include/Require in a PHP program, enabling local file inclusion via user-controlled input. Pu...

8.1CVSS5.9AI score0.00397EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/27 12:0 a.m.3 views

WordPress plugin National Weather Service Alerts 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.1CVSS6.4AI score0.00397EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/27 12:0 a.m.2 views

PT-2025-27128 · Unknown · John Russell National Weather Service Alerts

Name of the Vulnerable Software and Affected Versions: John Russell National Weather Service Alerts versions 1.3.5 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows...

8.1CVSS7.8AI score0.00397EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2025/06/23 12:0 a.m.7 views

The vulnerability of the Product Delivery Service component of the software for collecting, analyzing, and visualizing meteorological data, Visual Weather, and related products such as NAMIS, Aero Weather, and Satellite Weather, allows a perpetrator to execute arbitrary code or cause service failures.

The vulnerability of the Product Delivery Service component of the software for collecting, analyzing, and visualizing meteorological data Visual Weather and related products such as NAMIS and Aero Weather lies in insufficient validation of input data. Exploiting this vulnerability could allow an...

9CVSS6AI score0.00843EPSS
Exploits0References2Affected Software4
OSV
OSV
added 2025/06/10 4:38 a.m.2 views

MAL-2025-4809 Malicious code in @loybung/weather-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b8141e9c6d2ba6d7cf52aea200f4a596b4e7151c2c3a67b2713cd2cacc96038 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/06/10 4:38 a.m.4 views

Malicious code in @loybung/weather-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b8141e9c6d2ba6d7cf52aea200f4a596b4e7151c2c3a67b2713cd2cacc96038 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:17 a.m.7 views

CVE-2024-35755

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in El tiempo Weather Widget Pro allows Stored XSS.This issue affects Weather Widget Pro: from n/a through 1.1.40...

6.5CVSS6.7AI score0.00277EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:2 a.m.9 views

CVE-2024-3108

An implicit intent vulnerability was reported for Motorola’s Time Weather Widget application that could allow a local application to acquire the location of the device without authorization...

5.5CVSS6.7AI score0.00153EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:39 a.m.6 views

CVE-2023-0360

The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS4.4AI score0.0054EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:11 a.m.7 views

CVE-2023-30715

Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission...

4CVSS6.5AI score0.00149EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:6 a.m.7 views

CVE-2022-28780

Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information...

5.5CVSS6.5AI score0.00091EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:54 a.m.17 views

CVE-2022-47179

Cross-Site Request Forgery CSRF vulnerability in Uwe Jacobs OWM Weather plugin = 5.6.11 leads to post duplication as a draft...

4.3CVSS7AI score0.00231EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 12:8 a.m.10 views

CVE-2022-25815

PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent...

7.8CVSS6.6AI score0.00098EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:1 p.m.18 views

CVE-2021-24683

The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue...

5.4CVSS5.6AI score0.00399EPSS
Exploits2References1
Rows per page
Query Builder