7.1
CVE-2025-22263 - WordPress Global Gallery plugin <= 8.8.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Global Gallery global-gallery allows Reflected XSS. This issue affects Global Gallery: from n/a through <= 8.8.0.
6.9
CVE-2025-31147 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Unauthenticated attackers can query information about total energy consumed by EV chargers of arbitrary users.
6.9
CVE-2025-31360 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users.
6.9
CVE-2025-30512 - Growatt Cloud portal External Control of System or Configuration Setting
Unauthenticated attackers can send configuration settings to a device and possibly perform physical actions remotely (e.g., on/off).
6.9
CVE-2025-27927 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username through an unprotected API.
9.3
CVE-2025-24297 - Growatt Cloud portal Cross-site Scripting
Due to a lack of server-side input validation, attackers can inject malicious JavaScript code into users' personal spaces of the web portal.
9.3
CVE-2025-30510 - Growatt Cloud portal Insufficient Type Distinction
An attacker can upload an arbitrary file instead of a plant image.
6.9
CVE-2025-24850 - Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An attacker can export other users' plant information.
0.0
CVE-2025-36542 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused
0.0
CVE-2025-36534 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused