438 matches found
WordPress heat-trackr 1.0 - Cross-Site Scripting
WordPress heat-trackr 1.0 contains a cross-site scripting vulnerability via heat-trackrabtestadd.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authenticati...
CVE-2026-25599
Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...
CVE-2026-25599 Missing authentication and clear‑text data transmission affecting Orca heat pumps
Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...
CVE-2026-25599 Missing authentication and clear‑text data transmission affecting Orca heat pumps
Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...
CVE-2026-25599
CVE-2026-25599 involves Orca heat pump devices communicating with the Orca server over unencrypted HTTP, with missing authentication and input validation on aggregated data. This combination enables stored XSS in the heat pump web control interface and potential cookie theft, as well as attacker ...
PT-2026-45397
Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...
CVE-2026-2621
CVE-2026-2621 affects Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0, specifically the file /SISReport/WebReport20/Proxy/AsyncTreeProxy.aspx. The vulnerability stems from improper handling of the PGUID argument, enabling SQL injection that can be triggered remotely. Public exp...
CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms
CERT Polska, the Polish computer emergency response team, revealed that coordinated cyber attacks targeted more than 30 wind and photovoltaic farms, a private company from the manufacturing sector, and a large combined heat and power plant CHP supplying heat to almost half a million customers in...
EUVD-2014-0138
Malware in sbrugna...
EUVD-2020-4752
Malware in sbrugna...
EUVD-2009-3617
Malware in sbrugna...
EUVD-2013-6240
Malware in sbrugna...
EUVD-2016-0034
Malware in sbrugna...
EUVD-2014-0137
Malware in sbrugna...
EUVD-2014-0139
Malware in sbrugna...
EUVD-2016-10001
Malware in sbrugna...
EUVD-2016-1080
Malware in sbrugna...
EUVD-2016-0035
Malware in sbrugna...
EUVD-2015-0022
Malware in sbrugna...
EUVD-2015-5300
Malware in sbrugna...