Lucene search
+L

44 matches found

NVD
NVD
added 2026/01/15 5:16 p.m.6 views

CVE-2025-62193

Sites running NOAA PMEL Live Access Server LAS are vulnerable to remote code execution via specially crafted requests that include PyFerret expressions. By leveraging a SPAWN command, a remote, unauthenticated attacker can execute arbitrary OS commands. Fixed in a version of...

9.8CVSS0.01199EPSS
Exploits0References7
CVE
CVE
added 2026/01/15 4:44 p.m.19 views

CVE-2025-62193

The CVE-2025-62193 entry describes a remote code execution vulnerability in NOAA PMEL Live Access Server (LAS). Affected component: LAS handling PyFerret expressions in requests, exploitable via a SPAWN command by an unauthenticated remote attacker to execute arbitrary OS commands. Impact per sou...

9.8CVSS8.2AI score0.01199EPSS
Exploits0References7
OSV
OSV
added 2026/01/15 4:44 p.m.6 views

CVE-2025-62193 NOAA PMEL Live Access Server (LAS) PyFerret command injection

Sites running NOAA PMEL Live Access Server LAS are vulnerable to remote code execution via specially crafted requests that include PyFerret expressions. By leveraging a SPAWN command, a remote, unauthenticated attacker can execute arbitrary OS commands. Fixed in a version of...

9.3CVSS6.8AI score0.01199EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-19972

Malicious code in bioql PyPI...

7.7CVSS6.5AI score0.00392EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/06 11:21 a.m.6 views

CVE-2025-28980

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in machouinard Aviation Weather from NOAA aviation-weather-from-noaa allows Path Traversal.This issue affects Aviation Weather from NOAA: from n/a through = 0.7.2...

7.7CVSS5.9AI score0.00392EPSS
Exploits0References1
NVD
NVD
added 2025/07/04 12:15 p.m.4 views

CVE-2025-28980

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in machouinard Aviation Weather from NOAA aviation-weather-from-noaa allows Path Traversal.This issue affects Aviation Weather from NOAA: from n/a through = 0.7.2...

7.7CVSS0.00392EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/04 11:18 a.m.12 views

CVE-2025-28980 WordPress Aviation Weather from NOAA plugin <= 0.7.2 - Arbitrary File Deletion Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in machouinard Aviation Weather from NOAA aviation-weather-from-noaa allows Path Traversal.This issue affects Aviation Weather from NOAA: from n/a through = 0.7.2...

7.7CVSS0.00392EPSS
Exploits0References1
CVE
CVE
added 2025/07/04 11:18 a.m.18 views

CVE-2025-28980

CVE-2025-28980 is a path traversal vulnerability in the WordPress plugin “Aviation Weather from NOAA” (versions

7.7CVSS5.9AI score0.00392EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/04 12:0 a.m.2 views

PT-2025-27904 · Noaa · Aviation Weather

Name of the Vulnerable Software and Affected Versions: Aviation Weather from NOAA versions 0.7.2 and earlier Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal in the affected software...

7.7CVSS5.9AI score0.00392EPSS
Exploits0References4
Openbugbounty
Openbugbounty
added 2024/01/24 11:10 p.m.10 views

wpc.ncep.noaa.gov Cross Site Scripting vulnerability OBB-3842838

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/09/08 9:3 p.m.18 views

Friday Squid Blogging: Glass Squid Video

Heres a fantastic video of Taonius Borealis, a glass squid, from NOAA. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...

6.8AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/12/20 5:42 p.m.17 views

star.nesdis.noaa.gov Cross Site Scripting vulnerability OBB-3111133

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
vulnersOsv
vulnersOsv
added 2022/01/01 1:15 a.m.2 views

afwizard (=1.0.1), frontpy (>=0.1.6 <=0.1.14) +4 more potentially affected by CVE-2021-45943 via gdal (>=3.3.2 <=3.4.0)

gdal PYPI version =3.3.2, =0.1.6, =0.1.1, =0.1.0, =0.2.4, =0.1.3, =0.1.4 Source cves: CVE-2021-45943 Source advisory: OSV:PYSEC-2022-43065...

5.5CVSS6.4AI score0.01491EPSS
Exploits1
Openbugbounty
Openbugbounty
added 2021/11/21 8:22 a.m.11 views

ready2.arl.noaa.gov Cross Site Scripting vulnerability OBB-2278399

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2021/11/11 2:34 p.m.12 views

All Vulnerabilities for noc.nwave.noaa.gov Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| noc.nwave.noaa.gov ---|--- Open Bug...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2021/10/30 3:1 a.m.11 views

All Vulnerabilities for nauticalcharts.noaa.gov Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| nauticalcharts.noaa.gov ---|--- Open Bu...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2021/10/21 7:3 a.m.22 views

eastcoast.coastwatch.noaa.gov Cross Site Scripting vulnerability OBB-2189230

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| eastcoast.coastwatch.noaa.gov ---|---...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2021/10/17 9:39 p.m.28 views

All Vulnerabilities for eastcoast.coastwatch.noaa.gov Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| eastcoast.coastwatch.noaa.gov ---|---...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2021/10/15 1:10 p.m.9 views

eastcoast.coastwatch.noaa.gov Cross Site Scripting vulnerability OBB-2169425

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| eastcoast.coastwatch.noaa.gov ---|---...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2021/10/06 9:51 a.m.15 views

codes.nws.noaa.gov Cross Site Scripting vulnerability OBB-2158329

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Exploits0
Rows per page
Query Builder