Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-4976
Out-of-bounds array write in Xpdf 4.05 and previous versions, due to missing object type check in AcroForm field reference.
NA
CVE-2024-34025
CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges.
NA
CVE-2024-34909
An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows malicious users to execute arbitrary code via uploading a crafted PDF file.
NA
CVE-2024-4910
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument grade leads ...
NA
CVE-2024-33625
CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication.
NA
CVE-2024-32042
The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered.
NA
CVE-2024-32053
Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a Powerpanel business application.
NA
CVE-2024-33615
A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an malicious user to achieve remote code execution.
NA
CVE-2024-34913
An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows malicious users to execute arbitrary code via uploading a crafted PDF file.
NA
CVE-2024-31410
The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an malicious user to impersonate any client in the system and send malicious data.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »