VDE-2025-066
Aug. 27, 2025, 10:00 vorm.
A security researcher discovered a Directory Traversal vulnerability in Sunny Boy 3, which allows remote attackers to access sensitive information. The vulnerability is already fixed since January 2021 with version …
VDE-2025-050
Aug. 19, 2025, 12:00 nachm.
A security researcher discovered a data disclosure vulnerability in Sunny Portal powered by ennexOS, ennexos.sunnyportal.com. A regularly authenticated user can receive the name of an other registered Sunny Portal user …
VDE-2025-010
Mai 14, 2025, 3:00 nachm.
A security researcher discovered a privilege escalation vulnerability in the demo system area of the SMA Classic Portal, www.sunnyportal.com. Only systems of other users have been affected who unintendedly and …
VDE-2025-012
Mai 22, 2025, 3:03 nachm.
A security researcher discovered a critical Remote Code Execution vulnerability in sunnyportal.com. An attacker could upload code instead of an image and remotely execute this code.
VDE-2024-020
Feb. 12, 2025, 5:48 nachm.
A security researcher discovered a Cross Site Request Forgery (CSRF, XSRF) vulnerability in SMA Cluster Controller. The affected products are out of support (End-of-Life 2018-06-30).
VDE-2024-075
Juni 17, 2025, 8:00 vorm.
A security researcher discovered that in the affected products a clickjacking vulnerability in the web frontend exists. An attacker could lure the user to click on a malicious website which …
VDE-2024-074
Mai 14, 2025, 2:28 nachm.
A security researcher discovered that in the affected products an authenticated (administration privileges) SQL injection has been found on the administration panel allowing access to a database. The database that …