38 matches found
CVE-2025-15573
The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to...
CVE-2025-15574
When connecting to the SolaX Cloud MQTT server, the username is the "registration number", which is the 10-character string printed on the SolaX Power Pocket device and in the QR code on the device. The password is derived from the "registration number" using a proprietary XOR/transposition algorithm...
PT-2026-7836
Name of the Vulnerable Software and Affected Versions: SolaX Power Pocket WiFi models (affected versions not specified). Description: The username for connecting to the SolaX Cloud MQTT server is the “registration number,” a 10-character string found on the SolaX Power Pocket device or its QR code. Th...
PT-2026-7834
Name of the Vulnerable Software and Affected Versions: SolaX devices (affected versions not specified). Description: Devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a...
EUVD-2025-27527
Malicious code in bioql PyPI...
EUVD-2025-27526
Malicious code in bioql PyPI...
EUVD-2025-27528
Malicious code in bioql PyPI...
EUVD-2025-27529
Malicious code in bioql PyPI...
CVE-2025-36756
A missing authorization check on the SolaX Cloud platform allows taking over any SolaX solar panel inverter whose serial number is known...
CVE-2025-36757
It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use parameter tampering to bypass the login screen and gain limited access to the system...
CVE-2025-36758
It is possible to bypass the clipping level of authentication attempts in SolaX Cloud through the use of the 'Forgot Password' functionality as an oracle...
CVE-2025-36759
Through the provision of user names, SolaX Cloud will suggest similar user accounts and thereby leak sensitive information such as user email addresses and phone numbers...
CVE-2025-36759
CVE-2025-36759 affects SolaX Cloud. The vulnerability stems from the username-suggestion feature that can reveal other users’ emails and phone numbers. Impact is information disclosure of user contact data (confidentiality HIGH). Connected sources confirm SolaX Cloud and the leakage via similar a...