7.5
CVE-2024-32739 - CyberPower PowerPanel Enterprise SQL Injection
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3.Β An unauthenticated remote attacker can leak sensitive information via the "query_ptask_verbose" function within MCUDBHelper.
7.5
CVE-2024-32738 - CyberPower PowerPanel Enterprise SQL Injection
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3.Β An unauthenticated remote attacker can leak sensitive information via the "query_ptask_lean" function within MCUDBHelper.
7.5
CVE-2024-32737 - CyberPower PowerPanel Enterprise SQL Injection
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3.Β An unauthenticated remote attacker can leak sensitive information via the "query_contract_result" function within MCUDBHelper.
7.5
CVE-2024-32736 - CyberPower PowerPanel Enterprise SQL Injection
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3.Β An unauthenticated remote attacker can leak sensitive information via the "query_utask_verbose" function within MCUDBHelper.
8.1
CVE-2024-34345 - @cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability
The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In 6.7.0, XML External entity injections were possible, when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1.
9.8
CVE-2024-32735 - CyberPower PowerPanel Enterprise Missing Authentication
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3.Β An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application.
6.5
CVE-2024-34354 - CMSaasStarter: JWT Token Not Verified on Server Session
CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tailwind, and Supabase. Any forks of the CMSaaSStarter template before commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 are impacted. The issue is the user JWT Token is not verified on server session. You should take the patch 7904d4β¦
6.5
CVE-2024-34352 - Arbitrary file write vulnerability in 1Panel
1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol β¦
5.3
CVE-2024-4678 - Campcodes Complete Web-Based School Management System find_friends.php cross site scripting
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /view/find_friends.php. The manipulation of the argument my_type leads to cross site scripting. The attβ¦
8.1
CVE-2024-32655 - Npgsql Vulnerable to SQL Injection via Protocol Message Size Overflow
Npgsql is the .NET data provider for PostgreSQL. The `WriteBind()` method in `src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs` uses `int` variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. Thisβ¦