6.5

CVSS3.1

CVE-2024-31409 - CyberPower PowerPanel business Incorrect Authorization

Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after gaining access to any device.

πŸ“… Published: May 15, 2024, 8 p.m. πŸ”„ Last Modified: Aug. 7, 2025, 7:15 p.m.

5.3

CVSS4.0

CVE-2024-4910 - Campcodes Complete Web-Based School Management System student_exam_mark_insert_form1.php sql inject…

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument grade leads to sql injection. T…

πŸ“… Published: May 15, 2024, 8 p.m. πŸ”„ Last Modified: Feb. 20, 2025, 9:25 p.m.

7.5

CVSS3.1

CVE-2023-40297 -

Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component.

πŸ“… Published: May 15, 2024, 7:57 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

7.7

CVSS3.1

CVE-2024-31410 - CyberPower PowerPanel business Use of Hard-coded Cryptographic Key

The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malicious data.

πŸ“… Published: May 15, 2024, 7:56 p.m. πŸ”„ Last Modified: July 30, 2025, 12:23 a.m.

8.8

CVSS3.1

CVE-2024-31856 - CyberPower PowerPanel business SQL Injection

An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote code.

πŸ“… Published: May 15, 2024, 7:52 p.m. πŸ”„ Last Modified: July 30, 2025, 12:20 a.m.

4.9

CVSS3.1

CVE-2024-32042 - CyberPower PowerPanel business Storing Passwords in a Recoverable Format

The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered.

πŸ“… Published: May 15, 2024, 7:39 p.m. πŸ”„ Last Modified: July 30, 2025, 12:19 a.m.

9.8

CVSS3.1

CVE-2024-32047 - CyberPower PowerPanel business Active Debug Code

Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production server.

πŸ“… Published: May 15, 2024, 7:36 p.m. πŸ”„ Last Modified: July 30, 2025, 12:16 a.m.

9.8

CVSS3.1

CVE-2024-32053 - CyberPower PowerPanel business Use of Hard-coded Credentials

Hard-coded credentials are used by theΒ  CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a Powerpanel business application.

πŸ“… Published: May 15, 2024, 7:34 p.m. πŸ”„ Last Modified: July 30, 2025, 12:15 a.m.

5.3

CVSS4.0

CVE-2024-4904 - Byzoro Smart S200 Management Platform userattestation.php unrestricted upload

A vulnerability was found in Byzoro Smart S200 Management Platform up to 20240507. It has been rated as critical. This issue affects some unknown processing of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be initiated …

πŸ“… Published: May 15, 2024, 7:31 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5.4

CVSS3.1

CVE-2024-34913 -

An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file.

πŸ“… Published: May 15, 2024, 7:26 p.m. πŸ”„ Last Modified: Feb. 13, 2025, 3:53 p.m.
Total resulsts: 349182
Page 9845 of 34,919
Β« previous page Β» next page
Filters