CVE-2024-31409 CyberPower PowerPanel business Improper Authorization
Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after gaining access to any...
CVSS 6.5 | AI Score 6.6 | EPSS 0.0004
CVE-2024-31410 CyberPower PowerPanel business Use of Hard-coded Cryptographic Key
The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malicious...
CVSS 7.7 | AI Score 7.7 | EPSS 0.0004
CVE-2024-31856 CyberPower PowerPanel business SQL Injection
An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote ...
CVSS 8.8 | AI Score 8.8 | EPSS 0.0004
CVE-2024-32042 CyberPower PowerPanel business Storing Passwords in a Recoverable Format
The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be...
CVSS 4.9 | AI Score 6.6 | EPSS 0.0004
CVE-2024-32047 CyberPower PowerPanel business Active Debug Code
Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production...
CVSS 9.8 | AI Score 9.6 | EPSS 0.0004
CVE-2024-32053 CyberPower PowerPanel business Use of Hard-coded Credentials
Hard-coded credentials are used by the CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a PowerPanel business...
CVSS 9.8 | AI Score 6.8 | EPSS 0.0004
CVE-2024-33615 CyberPower PowerPanel business Relative Path Traversal
A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code ...
CVSS 8.8 | AI Score 7.5 | EPSS 0.0004
CVE-2024-33625 CyberPower PowerPanel business Use of Hard-coded Password
CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass...
CVSS 9.8 | AI Score 9.6 | EPSS 0.0004
CVE-2024-34025 CyberPower PowerPanel business Use of Hard-coded Password
CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator...
CVSS 9.8 | AI Score 9.8 | EPSS 0.0004
Security Bulletin: IBM Security Guardium is affected by multiple Linux Kernel vulnerabilities
Summary: IBM Security Guardium has addressed these vulnerabilities with an update. Vulnerability Details: CVEID: CVE-2023-6679. DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the dpll_pin_parent_pin_set() function in...
CVSS 7.8 | AI Score 9.2 | EPSS 0.008
AIX is vulnerable to arbitrary command execution due to invscout (CVE-2024-27260)
IBM SECURITY ADVISORY. First Issued: Wed May 15 17:28:09 CDT 2024. The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/invscout_advisory6.asc Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout...
CVSS 8.4 | AI Score 7.2 | EPSS 0.0004
Android 15 Rolls Out Advanced Features to Protect Users from Scams and Malicious Apps
Google is unveiling a set of new features in Android 15 to prevent malicious apps installed on the device from capturing sensitive data. This constitutes an update to the Play Integrity API that third-party app developers can take advantage of to secure their applications against malware....
AI Score 6.8
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
June 2024 update: At the end of May 2024, Microsoft Threat Intelligence observed Storm-1811 using Microsoft Teams as another vector to contact target users. Microsoft assesses that the threat actor uses Teams to send messages and initiate calls in an attempt to impersonate IT or help desk...
AI Score 7.7
MITM Attacks Can Still Bypass FIDO2 Security, Researchers Warn
By Deeba Ahmed. Is FIDO2 truly unbreachable? Recent research exposes a potential vulnerability where attackers could use MITM techniques to bypass FIDO2 security keys. This is a post from HackRead.com. Read the original post: MITM Attacks Can Still Bypass FIDO2 Security, Researchers...
AI Score 7.3
It's Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure
While cloud adoption has been top of mind for many IT professionals for nearly a decade, it's only in recent months, with industry changes and announcements from key players, that many recognize the time to make the move is now. It may feel like a daunting task, but tools exist to help you move...
AI Score 7.2
Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Notes: alexmurray | The Debian...
AI Score 6.5 | EPSS 0.0004
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Recent assessments: Assessed Attacker Value: 0 ...
CVSS 8.8 | AI Score 7.7 | EPSS 0.002
Serial Numbers for WooCommerce – License Manager <= 1.7.3 - Missing Authorization
Description: The WC Serial Numbers – Ultimate License Manager for Selling, Licensing & Securely Delivering Digital Content with WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.7.3. This...
CVSS 5.3 | AI Score 5.1 | EPSS 0.0004
Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6766-2)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6766-2 advisory. In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able...
CVSS 7.8 | AI Score 7.5
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2024:1648-1)
The remote SUSE Linux SLED12 / SLED_SAP12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1648-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory ...
CVSS 7.8 | AI Score 7.2
SUSE SLES12 Security Update : kernel (SUSE-SU-2024:1646-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1646-1 advisory. In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array...
CVSS 7.8 | AI Score 7.2
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:1641-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1641-1 advisory. In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single...
CVSS 7.8 | AI Score 7.6
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.8)
The version of AOS installed on the remote host is prior to 6.8. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.8 advisory. Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in...
CVSS 9.8 | AI Score 9.4 | EPSS 0.123
Z-Downloads < 1.11.4 - Authenticated (Admin+) Arbitrary File Upload
Description: The Z-Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.11.3. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the...
CVSS 9.1 | AI Score 7.3 | EPSS 0.0004
Easy Digital Downloads < 3.2.12 - Unauthenticated Sensitive Information Exposure
Description: The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.11. This makes it possible for unauthenticated attackers to extract...
CVSS 5.3 | AI Score 6.9 | EPSS 0.0004
Oracle Linux 9 : nodejs:18 (ELSA-2024-2779)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2779 advisory. nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the...
CVSS 5.3 | AI Score 6.9 | EPSS 0.0004