Approved changes feed: RSS · Atom

cpe:2.3:a:cyberpower:powerpanel:*:*:*:*:business:windows:*:*

part: a version: * update: *

VendorCyberpower (2a62c9be-26e1-571c-92ea-27ab54316d46)
ProductPowerpanel (92695e17-3806-556b-898b-a5df47f3cfcd)
Edition*
Language*
Software editionbusiness
Target softwarewindows
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/nathanvaughn/powerpanel-business-docker purl2cpe 2026-06-01 10:16:33.645056

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-34025 vulnerable 2026-06-08 06:37:32.530868 CyberPower PowerPanel business Use of Hard-coded Password
CRITICAL (9.8)
CyberPower PowerPanel business application code contains a hard-coded set of authentication credentials. This could result in an attacker bypassing authentication and gaining administrator privileges.
Published: 2024-05-15T19:17:37.188Z
Updated: 2024-08-02T02:42:59.906Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-33625 vulnerable 2026-06-08 06:37:31.870510 CyberPower PowerPanel business Use of Hard-coded Password
CRITICAL (9.8)
CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication.
Published: 2024-05-15T19:19:53.960Z
Updated: 2024-08-02T02:36:04.325Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-32053 vulnerable 2026-06-08 06:35:32.675406 CyberPower PowerPanel business Use of Hard-coded Credentials
CRITICAL (9.8)
Hard-coded credentials are used by the  CyberPower PowerPanel platform to authenticate to the database, other services, and the cloud. This could result in an attacker gaining access to services with the privileges of a Powerpanel business application.
Published: 2024-05-15T19:34:30.153Z
Updated: 2024-08-02T02:06:43.251Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-32047 vulnerable 2026-06-08 06:35:32.670275 CyberPower PowerPanel business Active Debug Code
CRITICAL (9.8)
Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the testing or production server.
Published: 2024-05-15T19:36:41.936Z
Updated: 2024-08-02T02:06:43.550Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-32042 vulnerable 2026-06-08 06:35:32.663324 CyberPower PowerPanel business Storing Passwords in a Recoverable Format
MEDIUM (4.9)
The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered.
Published: 2024-05-15T19:39:08.086Z
Updated: 2024-08-02T02:06:43.266Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-31856 vulnerable 2026-06-08 06:35:32.174096 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-31410 vulnerable 2026-06-08 06:35:31.491634 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-31409 vulnerable 2026-06-08 06:35:31.490996 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-25133 vulnerable 2026-06-08 05:56:08.551095 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-25132 vulnerable 2026-06-08 05:56:08.550560 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-25131 vulnerable 2026-06-08 05:56:08.549798 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.