44 matches found
CVE-2025-62193
Sites running NOAA PMEL Live Access Server (LAS) are vulnerable to remote code execution via specially crafted requests that include PyFerret expressions. By leveraging a SPAWN command, a remote, unauthenticated attacker can execute arbitrary OS commands. Fixed in a version of...
CVE-2025-62193
Sites running NOAA PMEL Live Access Server (LAS) are vulnerable to remote code execution via specially crafted requests that include PyFerret expressions. By leveraging a SPAWN command, a remote, unauthenticated attacker can execute arbitrary OS commands. Fixed in a version of...
CVE-2025-62193
The CVE-2025-62193 entry describes a remote code execution vulnerability in NOAA PMEL Live Access Server (LAS). Affected component: LAS handling PyFerret expressions in requests, exploitable via a SPAWN command by an unauthenticated remote attacker to execute arbitrary OS commands. Impact per sou...
EUVD-2025-19972
Malicious code in bioql PyPI...
CVE-2025-28980
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in machouinard Aviation Weather from NOAA aviation-weather-from-noaa allows Path Traversal. This issue affects Aviation Weather from NOAA: from n/a through <= 0.7.2...
CVE-2025-28980
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in machouinard Aviation Weather from NOAA aviation-weather-from-noaa allows Path Traversal. This issue affects Aviation Weather from NOAA: from n/a through <= 0.7.2...
CVE-2025-28980 WordPress Aviation Weather from NOAA plugin <= 0.7.2 - Arbitrary File Deletion Vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in machouinard Aviation Weather from NOAA aviation-weather-from-noaa allows Path Traversal. This issue affects Aviation Weather from NOAA: from n/a through <= 0.7.2...
CVE-2025-28980
CVE-2025-28980 is a path traversal vulnerability in the WordPress plugin “Aviation Weather from NOAA” (versions
PT-2025-27904 · Noaa · Aviation Weather
Name of the Vulnerable Software and Affected Versions: Aviation Weather from NOAA versions 0.7.2 and earlier Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal in the affected software...
wpc.ncep.noaa.gov Cross Site Scripting vulnerability OBB-3842838
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Friday Squid Blogging: Glass Squid Video
Here's a fantastic video of Taonius Borealis, a glass squid, from NOAA. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
star.nesdis.noaa.gov Cross Site Scripting vulnerability OBB-3111133
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
afwizard (=1.0.1), frontpy (>=0.1.6 <=0.1.14) +4 more potentially affected by CVE-2021-45943 via gdal (>=3.3.2 <=3.4.0)
gdal PYPI version =3.3.2, =0.1.6, =0.1.1, =0.1.0, =0.2.4, =0.1.3, =0.1.4 Source cves: CVE-2021-45943 Source advisory: OSV:PYSEC-2022-43065...
ready2.arl.noaa.gov Cross Site Scripting vulnerability OBB-2278399
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
All Vulnerabilities for noc.nwave.noaa.gov Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| noc.nwave.noaa.gov ---|--- Open Bug...
All Vulnerabilities for nauticalcharts.noaa.gov Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| nauticalcharts.noaa.gov ---|--- Open Bu...
eastcoast.coastwatch.noaa.gov Cross Site Scripting vulnerability OBB-2189230
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| eastcoast.coastwatch.noaa.gov ---|---...
All Vulnerabilities for eastcoast.coastwatch.noaa.gov Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| eastcoast.coastwatch.noaa.gov ---|---...
eastcoast.coastwatch.noaa.gov Cross Site Scripting vulnerability OBB-2169425
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| eastcoast.coastwatch.noaa.gov ---|---...
codes.nws.noaa.gov Cross Site Scripting vulnerability OBB-2158329
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...