Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (949 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-34150 1 Micodus 2 Mv720, Mv720 Firmware 2025-04-16 7.1 High
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification.
CVE-2022-33944 1 Micodus 2 Mv720, Mv720 Firmware 2025-04-16 6.5 Medium
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST parameter “Device ID,” which accepts arbitrary device IDs.
CVE-2025-31933 2025-04-16 5.3 Medium
An unauthenticated attacker can check the existence of usernames in the system by querying an API.
CVE-2025-31357 2025-04-16 5.3 Medium
An unauthenticated attacker can obtain a user's plant list by knowing the username.
CVE-2025-31941 2025-04-16 5.3 Medium
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username.
CVE-2025-27568 2025-04-16 5.3 Medium
An unauthenticated attacker can get users' emails by knowing usernames. A password reset email will be sent in response to this unsolicited request.
CVE-2025-30254 2025-04-16 5.3 Medium
An unauthenticated attacker can obtain a serial number of a smart meter(s) using its owner's username.
CVE-2025-27939 2025-04-16 7.5 High
An attacker can change registered email addresses of other users and take over arbitrary accounts.
CVE-2025-27938 2025-04-16 5.3 Medium
Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "rooms").
CVE-2025-30514 2025-04-16 5.3 Medium
Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "scenes").
CVE-2025-31654 2025-04-16 5.3 Medium
An attacker can get information about the groups of the smart home devices for arbitrary users (i.e., "rooms").
CVE-2025-27719 2025-04-16 5.3 Medium
Unauthenticated attackers can query an API endpoint and get device details.
CVE-2025-26857 2025-04-16 5.3 Medium
Unauthenticated attackers can rename arbitrary devices of arbitrary users (i.e., EV chargers).
CVE-2025-31945 2025-04-16 5.3 Medium
An unauthenticated attacker can obtain other users' charger information.
CVE-2025-31950 2025-04-16 5.3 Medium
An unauthenticated attacker can obtain EV charger energy consumption information of other users.
CVE-2025-27575 2025-04-16 5.3 Medium
An unauthenticated attacker can obtain EV charger version and firmware upgrading history by knowing the charger ID.
CVE-2025-27565 2025-04-16 5.3 Medium
An unauthenticated attacker can delete any user's "rooms" by knowing the user's and room IDs.
CVE-2025-25276 2025-04-16 5.3 Medium
An unauthenticated attacker can hijack other users' devices and potentially control them.
CVE-2025-31360 2025-04-16 6.5 Medium
Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users.
CVE-2025-31147 2025-04-16 5.3 Medium
Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users.