Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-34913
An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows malicious users to execute arbitrary code via uploading a crafted PDF file.
NA
CVE-2024-4904
A vulnerability was found in Byzoro Smart S200 Management Platform up to 20240507. It has been rated as critical. This issue affects some unknown processing of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attac...
NA
CVE-2024-4910
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument grade leads ...
NA
CVE-2024-34025
CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges.
NA
CVE-2023-40297
Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component.
1 Github repository
NA
CVE-2024-32042
The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered.
NA
CVE-2024-31856
An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote code.
NA
CVE-2024-31409
Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after gaining access to any device.
NA
CVE-2024-34909
An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows malicious users to execute arbitrary code via uploading a crafted PDF file.
NA
CVE-2024-31410
The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an malicious user to impersonate any client in the system and send malicious data.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »