Filtered by vendor Growatt Subscriptions

Search

Switch to Advanced Search (Beta)
Total 11 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-27938 1 Growatt 1 Cloud Portal 2025-11-12 5.3 Medium
Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "rooms").
CVE-2025-27939 1 Growatt 1 Cloud Portal 2025-11-12 7.5 High
An attacker can change registered email addresses of other users and take over arbitrary accounts.
CVE-2025-30254 1 Growatt 1 Cloud Portal 2025-11-12 5.3 Medium
An unauthenticated attacker can obtain a serial number of a smart meter(s) using its owner's username.
CVE-2025-30511 1 Growatt 1 Cloud Portal 2025-11-12 8.8 High
An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant.
CVE-2025-30514 1 Growatt 1 Cloud Portal 2025-11-12 5.3 Medium
Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "scenes").
CVE-2025-31950 1 Growatt 1 Cloud Portal 2025-11-12 5.3 Medium
An unauthenticated attacker can obtain EV charger energy consumption information of other users.
CVE-2025-31945 1 Growatt 1 Cloud Portal 2025-11-12 5.3 Medium
An unauthenticated attacker can obtain other users' charger information.
CVE-2025-31654 1 Growatt 1 Cloud Portal 2025-11-12 5.3 Medium
An attacker can get information about the groups of the smart home devices for arbitrary users (i.e., "rooms").
CVE-2025-31360 1 Growatt 1 Cloud Portal 2025-11-12 6.5 Medium
Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users.
CVE-2025-27568 1 Growatt 1 Cloud Portal 2025-11-12 5.3 Medium
An unauthenticated attacker can get users' emails by knowing usernames. A password reset email will be sent in response to this unsolicited request.
CVE-2025-24487 1 Growatt 1 Cloud Portal 2025-11-12 5.3 Medium
An unauthenticated attacker can infer the existence of usernames in the system by querying an API.