CVE-2024-34025

CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges...

EUVD-2019-4623

Malware in sbrugna...

EUVD-2024-34596

Malicious code in bioql PyPI...

EUVD-2024-34477

Malicious code in bioql PyPI...

EUVD-2024-34482

Malicious code in bioql PyPI...

EUVD-2024-34451

Malicious code in bioql PyPI...

EUVD-2024-34461

Malicious code in bioql PyPI...

EUVD-2024-34456

Malicious code in bioql PyPI...

EUVD-2024-34379

Malicious code in bioql PyPI...

EUVD-2023-43941

Malicious code in bioql PyPI...

EUVD-2023-43943

Malicious code in bioql PyPI...

EUVD-2024-34459

Malicious code in bioql PyPI...

EUVD-2024-34450

Malicious code in bioql PyPI...

CVE-2024-31409

Certain MQTT wildcards are not blocked on the CyberPower PowerPanel system, which might result in an attacker obtaining data from throughout the system after gaining access to any device...

CVE-2024-32042

The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered...

CVE-2023-3267

When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with...

CVE-2023-3265

An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user "cyberpower" by appending a non-printable character.An unauthenticated attacker can leverage this...

CVE-2023-3266

A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected.An unauthenticated attacker can leverage this vulnerability to log in to the CypberPower PowerPanel Enterprise as an...

CVE-2019-13070

A stored XSS vulnerability in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows a privileged attacker to embed malicious JavaScript in the SNMP trap receivers form. Upon visiting the /agent/actionrecipient Event Action/Recipient page, the embedded code will be...

CVE-2019-13071

CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. This can be exploited by tricking an authenticated user into visiting an attacker controlled web page...