📰 Cyber Feed Aggregator

🛡️ Vulnerabilities

Latest Vulnerabilities coverage curated from trusted cybersecurity sources.

• CVE-2025-36754 - Authentication bypass on web interface
  Latest High/Critical Vulnerabilitiy Feed — 2025-12-13T16:16:54.570Z

  CVE ID : CVE-2025-36754 Published : Dec. 13, 2025, 4:16 p.m. | 17 hours, 9 minutes ago Description : The authentication mechanism on web interface is not properly implemented. It is possible to bypass authentication checks by crafting a post request with new settings since there is no session token or...

• CVE-2025-36753 - SWD Interface Open on Growatt ShineLan-X
  Latest High/Critical Vulnerabilitiy Feed — 2025-12-13T16:16:54.430Z

  CVE ID : CVE-2025-36753 Published : Dec. 13, 2025, 4:16 p.m. | 17 hours, 9 minutes ago Description : The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device...

• CVE-2025-36752 - Undocumented backup Account and No Password Configuration Capability
  Latest High/Critical Vulnerabilitiy Feed — 2025-12-13T16:16:54.300Z

  CVE ID : CVE-2025-36752 Published : Dec. 13, 2025, 4:16 p.m. | 17 hours, 9 minutes ago Description : Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting...

• CVE-2025-36751 - Missing encryption on Local Configuration Interface or Cloud Endpoint Communication - Growatt MIC3300TL-X and ShineLan-X
  Latest High/Critical Vulnerabilitiy Feed — 2025-12-13T16:16:54.160Z

  CVE ID : CVE-2025-36751 Published : Dec. 13, 2025, 4:16 p.m. | 17 hours, 9 minutes ago Description : Encryption is missing on the configuration interface for Growatt ShineLan-X and MIC 3300TL-X. This allows an attacker with access to the network to intercept and potentially manipulate communication requests between...

• CVE-2025-36750 - Stored cross site scripting (XSS) vulnerability in Growatt ShineLan-X
  Latest High/Critical Vulnerabilitiy Feed — 2025-12-13T16:16:54.023Z

  CVE ID : CVE-2025-36750 Published : Dec. 13, 2025, 4:16 p.m. | 17 hours, 9 minutes ago Description : ShineLan-X contains a stored cross site scripting (XSS) vulnerability in the Plant Name field. A HTML payload will be displayed on the plant management page via a direct post. This may allow attackers to force a...