Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2025-02-13 CVE-2025-20615 Privacy Violation vulnerability in Qardio 2.7.4
The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file.
low complexity
qardio CWE-359
6.6
2025-02-13 CVE-2025-22896 Cleartext Storage of Sensitive Information vulnerability in Myscada Mypro
mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
network
low complexity
myscada CWE-312
7.5
2025-02-13 CVE-2025-23411 Cross-Site Request Forgery (CSRF) vulnerability in Myscada Mypro
mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information.
network
low complexity
myscada CWE-352
6.5
2025-02-13 CVE-2025-24861 Command Injection vulnerability in Outbackpower Mojave Inverter Oghi8048A Firmware
An attacker may inject commands via specially-crafted post requests.
network
low complexity
outbackpower CWE-77
critical
9.8
2025-02-13 CVE-2025-24865 Missing Authentication for Critical Function vulnerability in Myscada Mypro
The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password.
network
low complexity
myscada CWE-306
critical
9.8
2025-02-13 CVE-2025-25067 OS Command Injection vulnerability in Myscada Mypro
mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands.
network
low complexity
myscada CWE-78
critical
9.8
2025-02-13 CVE-2025-25281 Information Exposure vulnerability in Outbackpower Mojave Inverter Oghi8048A Firmware
An attacker may modify the URL to discover sensitive information about the target network.
network
low complexity
outbackpower CWE-200
7.5
2025-02-13 CVE-2025-26473 Information Exposure Through Query Strings in GET Request vulnerability in Outbackpower Mojave Inverter Oghi8048A Firmware
The Mojave Inverter uses the GET method for sensitive information.
network
low complexity
outbackpower CWE-598
7.5
2025-02-13 CVE-2025-22480 Link Following vulnerability in Dell Supportassist 3.2.0.90
Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability.
local
low complexity
dell CWE-59
7.8
2025-02-13 CVE-2025-25352 SQL Injection vulnerability in PHPgurukul Land Record System 1.0
A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the pagetitle POST request parameter.
network
low complexity
phpgurukul CWE-89
7.2