7.5
CVE-2024-34351 - Next.js Server-Side Request Forgery in Server Actions
Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests th…
7.5
CVE-2024-34350 - Next.js Vulnerable to HTTP Request Smuggling
Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. Th…
6.5
CVE-2024-33454 -
Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the Bluetooth stack component.
7.5
CVE-2024-32739 - CyberPower PowerPanel Enterprise SQL Injection
A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_verbose" function within MCUDBHelper.
7.5
CVE-2024-32738 - CyberPower PowerPanel Enterprise SQL Injection
A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_lean" function within MCUDBHelper.
7.5
CVE-2024-32737 - CyberPower PowerPanel Enterprise SQL Injection
A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_contract_result" function within MCUDBHelper.
7.5
CVE-2024-32736 - CyberPower PowerPanel Enterprise SQL Injection
A SQL injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_utask_verbose" function within MCUDBHelper.
8.1
CVE-2024-34345 - @cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability
The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In 6.7.0, XML External entity injections were possible, when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1.
9.8
CVE-2024-32735 - CyberPower PowerPanel Enterprise Missing Authentication
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application.
6.5
CVE-2024-34354 - CMSaasStarter: JWT Token Not Verified on Server Session
CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tailwind, and Supabase. Any forks of the CMSaaSStarter template before commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 are impacted. The issue is that the user JWT token is not verified on server session. You should take the patch 7904d4…