CVE-2025-22369 |
Description: The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from the underlying OS.
CVSS: HIGH (7.1) EPSS Score: 0.04%
March 11th, 2025 (4 months ago)
|
CVE-2025-22368 |
Description: The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.
CVSS: HIGH (8.7) EPSS Score: 0.08%
March 11th, 2025 (4 months ago)
|
CVE-2025-22367 |
Description: The authenticated time setting capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.
CVSS: HIGH (8.7) EPSS Score: 0.08%
March 11th, 2025 (4 months ago)
|
CVE-2025-22366 |
Description: The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.
CVSS: HIGH (8.7) EPSS Score: 0.08%
March 11th, 2025 (4 months ago)
|
CVE-2024-27120 |
Description: A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system. The vulnerability has been remediated in version 24.1.2.
CVSS: HIGH (7.7) EPSS Score: 0.29% SSVC Exploitation: none
March 11th, 2025 (4 months ago)
|
CVE-2024-21881 |
Description: Inadequate Encryption Strength vulnerability allows an authenticated attacker to execute arbitrary OS Commands via encrypted package upload. This issue affects Envoy: 4.x and 5.x
CVSS: HIGH (8.6) EPSS Score: 0.04% SSVC Exploitation: none
March 11th, 2025 (4 months ago)
|
CVE-2024-21880 |
Description: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated endpoint in Enphase IQ Gateway (formerly known as Enphase) allows OS Command Injection. This issue affects Envoy: 4.x <= 7.x
CVSS: HIGH (8.6) EPSS Score: 1.09% SSVC Exploitation: none
March 11th, 2025 (4 months ago)
|
CVE-2024-21879 |
Description: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through a url parameter of an authenticated endpoint in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This issue affects Envoy: from 4.x to 8.x and < 8.2.4225.
CVSS: HIGH (8.7) EPSS Score: 1.57% SSVC Exploitation: none
March 11th, 2025 (4 months ago)
|
CVE-2024-21878 |
Description: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is present in an internal script. This issue affects Envoy: from 4.x up to and including 8.x and is currently unpatched.
CVSS: HIGH (7.1) EPSS Score: 0.31% SSVC Exploitation: none
March 11th, 2025 (4 months ago)
|
CVE-2024-21877 |
Insecure File Generation Based on User Input in Enphase IQ Gateway version 4.x to 8.x and < 8.2.4225
Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endpoint requires authentication. This issue affects Envoy: from 4.x to 8.0 and < 8.2.4225.
CVSS: HIGH (8.6) EPSS Score: 0.15% SSVC Exploitation: none
March 11th, 2025 (4 months ago)
|