726 matches found
Personal Weather Station Dashboard 12 - Directory Traversal
Personal Weather Station Dashboard 12lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/test.php, as demonstrated by reading the server's private SSL key in cleartext. id: CVE-2025-47423 info: name: Personal Weather...
Ultimate Weather Plugin <= 1.0 - Cross-Site Scripting
The ultimate-weather plugin 1.0 for WordPress contains a cross-site scripting vulnerability. id: CVE-2014-4561 info: name: Ultimate Weather Plugin = 1.0 - Cross-Site Scripting author: daffainfo severity: medium description: The ultimate-weather plugin 1.0 for WordPress contains a cross-site...
CVE-2026-7249
The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splwupdateblockoptions and lwpcleanweathertransients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with...
CVE-2026-7249
The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splwupdateblockoptions and lwpcleanweathertransients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with...
CVE-2026-7249 Location Weather <= 3.0.2 - Missing Authorization to Authenticated (Contributor+) Block Settings Modification and Cache Purging
The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splwupdateblockoptions and lwpcleanweathertransients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with...
EUVD-2026-31404
The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splwupdateblockoptions and lwpcleanweathertransients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with...
CVE-2026-7249
The CVE-2026-7249 entry pertains to the WordPress Location Weather plugin (versions up to 3.0.2). It lacks capability checks in splw_update_block_options() and lwp_clean_weather_transients(), allowing authenticated contributors+ to disable all weather blocks and purge weather cache transients. Th...
CVE-2026-7249 Location Weather <= 3.0.2 - Missing Authorization to Authenticated (Contributor+) Block Settings Modification and Cache Purging
The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splwupdateblockoptions and lwpcleanweathertransients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with...
WordPress plugin Location Weather 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-42727
The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the splw update block options and lwp clean weather transients functions in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers...
WordPress Location Weather – WordPress Weather Forecast, AQI, Temperature and Weather Widget plugin <= 3.0.2 - Missing Authorization to Authenticated (Contributor+) Block Settings Modification and Cache Purging vulnerability
Missing Authorization to Authenticated Contributor+ Block Settings Modification and Cache Purging vulnerability discovered by momopon1415 in WordPress Plugin Location Weather versions = 3.0.2...
Malicious code in github.com/BufferZoneCorp/go-weather-sdk (Go)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
MAL-2026-3626 Malicious code in github.com/BufferZoneCorp/go-weather-sdk (Go)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...
MAL-2026-3456 Malicious code in @squawk/weather (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72341a088009d96497c994e0a076b60b00bf65b365831ef16abe360f5c6cf874 The package @squawk/weather was found to contain malicious code. Source: ghsa-malware 71445d30bdef8256424a60e0abf2f5e2ce43b8c7dffa1476bd2ee7001013720...
Malicious code in @squawk/weather (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 72341a088009d96497c994e0a076b60b00bf65b365831ef16abe360f5c6cf874 The package @squawk/weather was found to contain malicious code. Source: ghsa-malware 71445d30bdef8256424a60e0abf2f5e2ce43b8c7dffa1476bd2ee7001013720...
@squawk/mcp (>=0.4.1 <=0.6.0) potentially affected by unknown CVE via @squawk/weather (>=0.3.4 <=0.4.1)
@squawk/weather NPM version =0.3.4, =0.4.1, =0.6.0 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3456...
@squawk/mcp (>=0.4.1 <=0.6.0) potentially affected by unknown CVE via @squawk/weather (>=0.3.4 <=0.4.1)
@squawk/weather NPM version =0.3.4, =0.4.1, =0.6.0 Source cves: unknown CVE Source advisory: SNYK:JS-SQUAWKWEATHER-16640874...
Hacking Polymarket
Polymarket is a platform where people can bet on real-world events, political and otherwise. Leaving the ethical considerations of this aside for one, it facilitates assassination, one of the issues with making this work is the verification of these real-world events. Polymarket gamblers have...
CVE-2026-1822
The WP NG Weather plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ng-weather' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress WP NG Weather plugin <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP NG Weather versions = 1.0.9...