129 matches found
EUVD-2025-21950
Malicious code in bioql PyPI...
CVE-2025-29757
An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account...
CVE-2025-29757
An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account...
CVE-2025-29757
CVE-2025-29757 involves an incorrect authorization check in the Growatt cloud service’s plant transfer function. The vulnerability allows a malicious user with a valid account to transfer any plant into their own account, due to insufficient access control. Affected component: Growatt cloud servi...
CVE-2025-29757
An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account...
CVE-2025-29757
An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account...
PT-2025-30116 · Growatt · Growatt Cloud Service
Name of the Vulnerable Software and Affected Versions: Growatt cloud service affected versions not specified Description: An incorrect authorisation check exists in the 'plant transfer' function. This allows a malicious attacker with a valid account to transfer any plant into their account...
Growatt cloud service 安全漏洞
Growatt cloud service is an OSS management system from Growatt, a Chinese company. A security vulnerability exists in Growatt cloud service, which stems from improper authorization checking and could lead to elevation of privilege...
Growatt Cloud Applications Authorization Bypass Vulnerability (CNVD-2025-14960)
Growatt Cloud Applications is a monitoring platform from Growatt in China. An authorization bypass vulnerability exists in Growatt Cloud Applications 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to obtain a user's email by knowing the username, resulting in a...
Growatt Cloud Applications Security Bypass Vulnerability (CNVD-2025-14962)
Growatt Cloud Applications is a monitoring platform from Growatt in China. A security bypass vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to add another user's device to a scenario...
Growatt Cloud Applications Information Disclosure Vulnerability
Growatt Cloud Applications is a monitoring platform from Growatt in China. An information disclosure vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to query API endpoints and obtain device details...
Growatt Cloud Applications Information Disclosure Vulnerability (CNVD-2025-14963)
Growatt Cloud Applications is a monitoring platform from Growatt in China. An information disclosure vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to query the total energy consumption information of any...
Growatt Cloud Applications Security Bypass Vulnerability
Growatt Cloud Applications is a monitoring platform from Growatt in China. A security bypass vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by unauthenticated attackers to send configuration settings and potentially perform physical...
Growatt Cloud Applications Information Disclosure Vulnerability (CNVD-2025-14964)
Growatt Cloud Applications is a monitoring platform from Growatt in China. An information disclosure vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to obtain a list of smart devices via a valid username...
Growatt Cloud Applications Information Disclosure Vulnerability (CNVD-2025-14959)
Growatt Cloud Applications is a monitoring platform from Growatt in China. An information disclosure vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to obtain a user's plant list by username...
Growatt Cloud Applications Information Disclosure Vulnerability (CNVD-2025-14965)
Growatt Cloud Applications is a monitoring platform from Growatt in China. An information disclosure vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to obtain information about another user's electric vehic...
Growatt Cloud Applications Authorization Bypass Vulnerability
Growatt Cloud Applications is a monitoring platform from Growatt in China. An authorization bypass vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to obtain restricted information about a user's smart devic...
CVE-2025-27929 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts...
CVE-2025-27929 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts...
CVE-2025-27929
CVE-2025-27929 affects Growatt Cloud Applications. The connected sources confirm an unauthenticated attacker can retrieve the full list of users associated with arbitrary accounts, implying a potential authorization/identity exposure vulnerability. Public details specifically mention Growatt Clou...