Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (1525 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2025-24850 1 Growatt 1 Cloud Portal 2025-11-14 5.3 Medium
An attacker can export other users' plant information.
CVE-2025-25276 1 Growatt 1 Cloud Portal 2025-11-14 5.3 Medium
An unauthenticated attacker can hijack other users' devices and potentially control them.
CVE-2025-26857 1 Growatt 1 Cloud Portal 2025-11-14 5.3 Medium
Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers).
CVE-2025-27561 1 Growatt 1 Cloud Portal 2025-11-14 5.3 Medium
Unauthenticated attackers can rename "rooms" of arbitrary users.
CVE-2025-27565 1 Growatt 1 Cloud Portal 2025-11-14 5.3 Medium
An unauthenticated attacker can delete any user's "rooms" by knowing the user's and room IDs.
CVE-2025-27575 1 Growatt 1 Cloud Portal 2025-11-14 5.3 Medium
An unauthenticated attacker can obtain EV charger version and firmware upgrading history by knowing the charger ID.
CVE-2025-27719 1 Growatt 1 Cloud Portal 2025-11-14 5.3 Medium
Unauthenticated attackers can query an API endpoint and get device details.
CVE-2025-27927 1 Growatt 1 Cloud Portal 2025-11-14 5.3 Medium
An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API.
CVE-2025-27929 1 Growatt 1 Cloud Portal 2025-11-14 5.3 Medium
Unauthenticated attackers can retrieve full list of users associated with arbitrary accounts.
CVE-2025-30257 1 Growatt 1 Cloud Portal 2025-11-14 5.3 Medium
Unauthenticated attackers can retrieve serial number of smart meters associated to a specific user account.
CVE-2025-31147 1 Growatt 1 Cloud Portal 2025-11-14 5.3 Medium
Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users.
CVE-2024-12767 1 Buddyboss 1 Buddyboss Platform 2025-11-13 3.5 Low
The buddyboss-platform WordPress plugin before 2.7.60 lacks proper access controls and allows a logged-in user to view comments on private posts
CVE-2025-27938 1 Growatt 1 Cloud Portal 2025-11-12 5.3 Medium
Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "rooms").
CVE-2025-27939 1 Growatt 1 Cloud Portal 2025-11-12 7.5 High
An attacker can change registered email addresses of other users and take over arbitrary accounts.
CVE-2025-30254 1 Growatt 1 Cloud Portal 2025-11-12 5.3 Medium
An unauthenticated attacker can obtain a serial number of a smart meter(s) using its owner's username.
CVE-2025-30514 1 Growatt 1 Cloud Portal 2025-11-12 5.3 Medium
Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "scenes").
CVE-2025-62241 1 Liferay 2 Digital Experience Platform, Dxp 2025-11-12 4.3 Medium
Insecure Direct Object Reference (IDOR) vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the _com_liferay_commerce_order_web_internal_portlet_CommerceOrderPortlet_commerceOrderId parameter.
CVE-2025-31950 1 Growatt 1 Cloud Portal 2025-11-12 5.3 Medium
An unauthenticated attacker can obtain EV charger energy consumption information of other users.
CVE-2025-31945 1 Growatt 1 Cloud Portal 2025-11-12 5.3 Medium
An unauthenticated attacker can obtain other users' charger information.
CVE-2025-31654 1 Growatt 1 Cloud Portal 2025-11-12 5.3 Medium
An attacker can get information about the groups of the smart home devices for arbitrary users (i.e., "rooms").