-
CVE-2025-26730
•
published on April 15, 2025
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NotFound Macro Calculator with Admin Email Optin & Data. This issue affects Macro Calculator with Admin Email Optin & Data: from n/a through 1.0.
-
CVE-2025-22269
•
published on April 15, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC Real Testimonials allows Stored XSS. This issue affects Real Testimonials: from n/a through 3.1.6.
-
CVE-2025-22268
•
published on April 15, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Stored XSS. This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.7.0.1.
-
CVE-2025-22263
•
published on April 15, 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Global Gallery allows Reflected XSS. This issue affects Global Gallery: from n/a through 8.8.0.
-
CVE-2025-31147
•
published on April 15, 2025
Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users.
-
CVE-2025-31360
•
published on April 15, 2025
Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users.
-
CVE-2025-30512
•
published on April 15, 2025
Unauthenticated attackers can send configuration settings to the device and possibly perform physical actions remotely (e.g., on/off).
-
CVE-2025-27927
•
published on April 15, 2025
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username through an unprotected API.
-
CVE-2025-24297
•
published on April 15, 2025
Due to a lack of server-side input validation, attackers can inject malicious JavaScript code into users' personal spaces of the web portal.
-
CVE-2025-30510
•
published on April 15, 2025
An attacker can upload an arbitrary file instead of a plant image.
-
CVE-2025-24850
•
published on April 15, 2025
An attacker can export other users' plant information.
-
CVE-2025-25276
•
published on April 15, 2025
An unauthenticated attacker can hijack other users' devices and potentially control them.
-
CVE-2025-27565
•
published on April 15, 2025
An unauthenticated attacker can delete any user's "rooms" by knowing the user and room IDs.
-
CVE-2025-27575
•
published on April 15, 2025
An unauthenticated attacker can obtain EV charger version and firmware upgrading history by knowing the charger ID.
-
CVE-2025-31950
•
published on April 15, 2025
An unauthenticated attacker can obtain EV charger energy consumption information of other users.
-
CVE-2025-31945
•
published on April 15, 2025
An unauthenticated attacker can obtain other users' charger information.
-
CVE-2025-26857
•
published on April 15, 2025
Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers).
-
CVE-2025-27719
•
published on April 15, 2025
Unauthenticated attackers can query an API endpoint and get device details.
-
CVE-2025-31654
•
published on April 15, 2025
An attacker can get information about the groups of the smart home devices for arbitrary users (i.e., "rooms").
-
CVE-2025-30514
•
published on April 15, 2025
Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "scenes").