Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-13 | CVE-2025-20615 | Privacy Violation vulnerability in Qardio 2.7.4 The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. | 6.6 |
2025-02-13 | CVE-2025-22896 | Cleartext Storage of Sensitive Information vulnerability in Myscada Mypro mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information. | 7.5 |
2025-02-13 | CVE-2025-23411 | Cross-Site Request Forgery (CSRF) vulnerability in Myscada Mypro mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. | 6.5 |
2025-02-13 | CVE-2025-24861 | Command Injection vulnerability in Outbackpower Mojave Inverter Oghi8048A Firmware An attacker may inject commands via specially-crafted post requests. | 9.8 |
2025-02-13 | CVE-2025-24865 | Missing Authentication for Critical Function vulnerability in Myscada Mypro The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password. | 9.8 |
2025-02-13 | CVE-2025-25067 | OS Command Injection vulnerability in Myscada Mypro mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands. | 9.8 |
2025-02-13 | CVE-2025-25281 | Information Exposure vulnerability in Outbackpower Mojave Inverter Oghi8048A Firmware An attacker may modify the URL to discover sensitive information about the target network. | 7.5 |
2025-02-13 | CVE-2025-26473 | Information Exposure Through Query Strings in GET Request vulnerability in Outbackpower Mojave Inverter Oghi8048A Firmware The Mojave Inverter uses the GET method for sensitive information. | 7.5 |
2025-02-13 | CVE-2025-22480 | Link Following vulnerability in Dell Supportassist 3.2.0.90 Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. | 7.8 |
2025-02-13 | CVE-2025-25352 | SQL Injection vulnerability in PHPgurukul Land Record System 1.0 A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the pagetitle POST request parameter. | 7.2 |