59 matches found
SolarEdge 3.0-2021 Cross Site Request Forgery / OOB Injection
SolarEdge version 3.0-2021 suffers from a cross site request forgery vulnerability in the /solaredge-web/p/initClient that can lead to a remote command injection vulnerability. Titles: solaredge-CSRF-OOB-Injection 3.0-2021 web portal Author: nu11secur1tyAI Date: 2026-04-26 Vendor: SolarEdge...
Microcom ZeusWeb Security Vulnerability
Microcom ZeusWeb is a remote monitoring platform developed by the Spanish company Microcom. Version 6.1.31 of Microcom ZeusWeb contains a security vulnerability. This vulnerability stems from the injection of XSS payloads into the Email parameter in the “Recover password” section, which may lead ...
CVE-2025-63624
SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart water meter monitoring platform v.1.0 allows a remote attacker to execute arbitrary code via the imeilist.aspx file...
Kopek Reem ReKord Client SQL Injection Vulnerability
Kopek Reem ReKord Client is a centralized monitoring and management platform from Kopek Israel. Kopek Reem ReKord Client suffers from a SQL injection vulnerability that stems from improper neutralization of special elements, which could lead to a SQL injection attack...
CVE-2025-36746 SolarEdge Monitoring Platform contains a XSS upon report deletion
SolarEdge Monitoring Platform contains a Cross‑Site Scripting (XSS) flaw that allows an authenticated user to inject payloads into report names, which may execute in a victim’s browser during a deletion attempt...
CVE-2025-36746
SolarEdge Monitoring Platform contains a Cross‑Site Scripting (XSS) flaw that allows an authenticated user to inject payloads into report names, which may execute in a victim’s browser during a deletion attempt. The affected product is the SolarEdge Monitoring Platform; the vulnerability is trigg...
SolarEdge Monitoring Platform Security Vulnerability
The SolarEdge Monitoring platform is a monitoring platform from the Israeli company SolarEdge. A security vulnerability exists in the SolarEdge Monitoring platform that stems from a cross-site scripting flaw that could cause a victim's browser to execute malicious code...
SolisCloud Monitoring Platform Security Vulnerability
SolisCloud Monitoring Platform is a monitoring platform from SolisCloud, Inc. A security vulnerability exists in SolisCloud Monitoring Platform that stems from improper access control and could lead to unsafe direct object references...
EUVD-2024-1694
Malicious code in bioql PyPI...
EUVD-2025-24060
Malicious code in bioql PyPI...
SolaX Cloud Security Vulnerability
SolaX Cloud is a PV monitoring and management platform from SolaX China. A security vulnerability exists in SolaX Cloud that stems from a bypass of the Forgot Password feature, which could lead to an authentication attempt limit bypass...
SolaX Cloud Security Vulnerability
SolaX Cloud is a photovoltaic monitoring and management platform from SolaX China. A security vulnerability exists in SolaX Cloud, which stems from the username suggestion feature leaking sensitive information...
CVE-2025-8773
A vulnerability, which was classified as critical, was found in Dinstar Monitoring Platform 甘肃省危险品库监控平台 1.0. Affected is an unknown function of the file /itc/$%7BappPath%7D/logingetPasswordErrorNum.action. The manipulation of the argument userBean.loginName leads to sql injection. It is possible ...
CVE-2025-8773 Dinstar Monitoring Platform 甘肃省危险品库监控平台 login_getPasswordErrorNum.action sql injection
A vulnerability, which was classified as critical, was found in Dinstar Monitoring Platform 甘肃省危险品库监控平台 1.0. Affected is an unknown function of the file /itc/$%7BappPath%7D/logingetPasswordErrorNum.action. The manipulation of the argument userBean.loginName leads to sql injection. It is possible ...
Dinstar Monitoring Platform SQL Injection Vulnerability
Gansu Province Dangerous Goods Depot Monitoring Platform is a digital management system for real-time monitoring of dangerous goods storage and transportation. There is a SQL injection vulnerability in the Gansu Dangerous Goods Depot Monitoring Platform of Shenzhen Dingxintongda Technology Co.,...
PT-2025-32454 · Dinstar · Dinstar Monitoring Platform
Name of the Vulnerable Software and Affected Versions: Dinstar Monitoring Platform version 1.0 Description: A critical vulnerability exists in Dinstar Monitoring Platform 甘肃省危险品库监控平台. The issue is a SQL injection vulnerability stemming from the manipulation of the userBean.loginName argument with...
GHSA-3C93-92R7-J934 Grafana Infinity Datasource Plugin SSRF Vulnerability
Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints. If the plugin was configured to allow only certain URLs, an attacker could bypass this...
XORUX LPAR2RRD Security Vulnerability
XORUX LPAR2RRD is a server performance monitoring platform from the Czech company XORUX. A security vulnerability exists in XORUX LPAR2RRD that stems from improper privilege management and could lead to process termination...