Cloud Services
by Lexmark
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-29757 | Cri | 0.61 | — | 0.00 | Jul 19, 2025 | An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account. | ||
| CVE-2024-7205 | Cri | 0.61 | — | 0.00 | Jul 31, 2024 | When the device is shared, the homepage module are before 2.19.0 in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information. | ||
| CVE-2025-4046 | Hig | 0.55 | 8.5 | 0.00 | Aug 19, 2025 | A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization | ||
| CVE-2023-26316 | 0.00 | — | 0.00 | Aug 2, 2023 | A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies. |
- risk 0.61cvss —epss 0.00
An incorrect authorisation check in the the 'plant transfer' function of the Growatt cloud service allowed a malicous attacker with a valid account to transfer any plant into his/her account.
- risk 0.61cvss —epss 0.00
When the device is shared, the homepage module are before 2.19.0 in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information.
- risk 0.55cvss 8.5epss 0.00
A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization
- CVE-2023-26316Aug 2, 2023risk 0.00cvss —epss 0.00
A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies.