732 matches found
CVE-2025-28980
CVE-2025-28980 is a path traversal vulnerability in the WordPress plugin “Aviation Weather from NOAA” (versions
WordPress plugin Aviation Weather from NOAA 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A path traversal vulnerability exis...
PT-2025-27904 · Noaa · Aviation Weather
Name of the Vulnerable Software and Affected Versions: Aviation Weather from NOAA versions 0.7.2 and earlier Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal in the affected software...
CVE-2025-52809
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in John Russell National Weather Service Alerts national-weather-service-alerts allows PHP Local File Inclusion.This issue affects National Weather Service Alerts: from n/a through ...
CVE-2025-52809
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in John Russell National Weather Service Alerts national-weather-service-alerts allows PHP Local File Inclusion.This issue affects National Weather Service Alerts: from n/a through ...
CVE-2025-52809 WordPress National Weather Service Alerts plugin <= 1.3.5 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in John Russell National Weather Service Alerts national-weather-service-alerts allows PHP Local File Inclusion.This issue affects National Weather Service Alerts: from n/a through ...
CVE-2025-52809
CVE-2025-52809 describes an unauthenticated Local File Inclusion in the WordPress plugin National Weather Service Alerts (versions ≤ 1.3.5). The vulnerability arises from Improper Control of Filename for Include/Require in a PHP program, enabling local file inclusion via user-controlled input. Pu...
WordPress plugin National Weather Service Alerts 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-27128 · Unknown · John Russell National Weather Service Alerts
Name of the Vulnerable Software and Affected Versions: John Russell National Weather Service Alerts versions 1.3.5 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows...
The vulnerability of the Product Delivery Service component of the software for collecting, analyzing, and visualizing meteorological data, Visual Weather, and related products such as NAMIS, Aero Weather, and Satellite Weather, allows a perpetrator to execute arbitrary code or cause service failures.
The vulnerability of the Product Delivery Service component of the software for collecting, analyzing, and visualizing meteorological data Visual Weather and related products such as NAMIS and Aero Weather lies in insufficient validation of input data. Exploiting this vulnerability could allow an...
MAL-2025-4809 Malicious code in @loybung/weather-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b8141e9c6d2ba6d7cf52aea200f4a596b4e7151c2c3a67b2713cd2cacc96038 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @loybung/weather-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b8141e9c6d2ba6d7cf52aea200f4a596b4e7151c2c3a67b2713cd2cacc96038 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-35755
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in El tiempo Weather Widget Pro allows Stored XSS.This issue affects Weather Widget Pro: from n/a through 1.1.40...
CVE-2024-3108
An implicit intent vulnerability was reported for Motorola’s Time Weather Widget application that could allow a local application to acquire the location of the device without authorization...
CVE-2023-0360
The Location Weather WordPress plugin before 1.3.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-30715
Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission...
CVE-2022-28780
Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information...
CVE-2022-47179
Cross-Site Request Forgery CSRF vulnerability in Uwe Jacobs OWM Weather plugin = 5.6.11 leads to post duplication as a draft...
CVE-2022-25815
PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent...
CVE-2021-24683
The Weather Effect WordPress plugin before 1.3.4 does not have any CSRF checks in place when saving its settings, and do not validate or escape them, which could lead to Stored Cross-Site Scripting issue...