Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-4976
Out-of-bounds array write in Xpdf 4.05 and previous versions, due to missing object type check in AcroForm field reference.
NA
CVE-2024-27244
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
NA
CVE-2024-32042
The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered.
NA
CVE-2024-34909
An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows malicious users to execute arbitrary code via uploading a crafted PDF file.
NA
CVE-2023-40297
Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component.
1 Github repository
NA
CVE-2024-31410
The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an malicious user to impersonate any client in the system and send malicious data.
NA
CVE-2024-32053
Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a Powerpanel business application.
NA
CVE-2024-33615
A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an malicious user to achieve remote code execution.
NA
CVE-2024-31409
Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after gaining access to any device.
NA
CVE-2024-31856
An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote code.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »