9.8
CVE-2024-34909 -
An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF file.
6.3
CVE-2024-34906 -
An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file.
8.8
CVE-2024-33615 - CyberPower PowerPanel business Relative Path Traversal
A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code execution.
9.8
CVE-2024-33625 - CyberPower PowerPanel business Use of Hard-coded Password
CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication.
9.8
CVE-2024-34025 - CyberPower PowerPanel business Use of Hard-coded Password
CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges.
5.3
CVE-2024-4909 - Campcodes Complete Web-Based School Management System student_due_payment.php sql injection
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /view/student_due_payment.php. The manipulation of the argument due_year leads to sql injection. It is possible to launch the attacβ¦
5.3
CVE-2024-4908 - Campcodes Complete Web-Based School Management System student_attendance_history1.php sql injection
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument index leads to sql injection. The attack may be initiatedβ¦
5.3
CVE-2024-4907 - Campcodes Complete Web-Based School Management System show_student2.php sql injection
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/show_student2.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated remotely. Tβ¦
5.3
CVE-2024-4906 - Campcodes Complete Web-Based School Management System show_student1.php sql injection
A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/show_student1.php. The manipulation of the argument grade leads to sql injection. It is possible to initiate the attack remotely.β¦
8.8
CVE-2024-35102 -
Insecure Permissions vulnerability in VITEC AvediaServer (Model avsrv-m8105) 8.6.2-1 allows a remote attacker to escalate privileges via a crafted script.