Security Vulnerabilities - CVEs Published In April 2025
An unauthenticated attacker can obtain other users' charger information.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-04-15
An unauthenticated attacker can obtain EV charger energy consumption information of other users.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-04-15
Unauthenticated attackers can retrieve the serial number of smart meters associated with a specific user account.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-04-15
An attacker can upload an arbitrary file instead of a plant image.
CVSS Score
9.3
EPSS Score
0.001
Published
2025-04-15
Unauthenticated attackers can send configuration settings to the device and possibly perform physical actions remotely (e.g., on/off).
CVSS Score
6.9
EPSS Score
0.006
Published
2025-04-15
Unauthenticated attackers can query an API endpoint and get device details.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-04-15
Shopware prior to version 6.5.8.13 is affected by a SQL injection vulnerability in the /api/search/order endpoint. NOTE: this issue exists because of a CVE-2024-22406 and CVE-2024-42357 regression.
CVSS Score
6.8
EPSS Score
0.028
Published
2025-04-15
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username through an unprotected API.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-04-15
Unauthenticated attackers can retrieve the full list of users associated with arbitrary accounts.
CVSS Score
6.9
EPSS Score
0.003
Published
2025-04-15
Cross-site scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload injected into the Email field.
CVSS Score
8.3
EPSS Score
0.201
Published
2025-04-15


Shodan ® - All rights reserved