Total
2510 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27881 | 1 Ptc | 1 Vuforia Studio | 2024-08-02 | 8 High |
| A user could use the “Upload Resource” functionality to upload files to any location on the disk. | ||||
| CVE-2023-27755 | 1 71note | 1 Go-bbs | 2024-08-02 | 8.8 High |
| go-bbs v1 was discovered to contain an arbitrary file download vulnerability via the component /api/v1/download. | ||||
| CVE-2023-27757 | 1 Perfree | 1 Perfreeblog | 2024-08-02 | 9.8 Critical |
| An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file. | ||||
| CVE-2023-27602 | 1 Apache | 1 Linkis | 2024-08-02 | 9.8 Critical |
| In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions <=1.3.1, we suggest turning on the file path check switch in linkis.properties `wds.linkis.workspace.filesystem.owner.check=true` `wds.linkis.workspace.filesystem.path.check=true` | ||||
| CVE-2023-27397 | 1 Microengine | 1 Mailform | 2024-08-02 | 9.8 Critical |
| Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it. | ||||
| CVE-2023-27168 | 1 Xpand-it | 1 Write-back Manager | 2024-08-02 | 9.8 Critical |
| An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file. | ||||
| CVE-2023-27178 | 1 Gdidees | 1 Gdidees Cms | 2024-08-02 | 9.8 Critical |
| An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2023-27246 | 1 Mk-auth | 1 Mk-auth | 2024-08-02 | 8.8 High |
| An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file. | ||||
| CVE-2023-27235 | 1 Jizhicms | 1 Jizhicms | 2024-08-02 | 7.2 High |
| An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file. | ||||
| CVE-2023-27083 | 1 Pluck-cms | 1 Pluck | 2024-08-02 | 7.2 High |
| An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality. | ||||
| CVE-2023-27164 | 1 Halo | 1 Halo | 2024-08-02 | 4.8 Medium |
| An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file. | ||||
| CVE-2023-27179 | 1 Gdidees | 1 Gdidees Cms | 2024-08-02 | 7.5 High |
| GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php. | ||||
| CVE-2023-27033 | 1 Cdesigner Project | 1 Cdesigner | 2024-08-02 | 9.8 Critical |
| Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent(). | ||||
| CVE-2023-26968 | 1 Atrocore | 1 Atrocore | 2024-08-02 | 9.8 Critical |
| In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyphicon-paperclip function is vulnerable to Unauthenticated File upload. | ||||
| CVE-2023-26949 | 1 Onekeyadmin | 1 Onekeyadmin | 2024-08-02 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2023-26857 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2024-08-02 | 7.2 High |
| An arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2023-26852 | 1 Textpattern | 1 Textpattern | 2024-08-02 | 7.2 High |
| An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file. | ||||
| CVE-2023-26762 | 1 Smeup | 1 Erp | 2024-08-02 | 8.8 High |
| Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability. | ||||
| CVE-2023-26830 | 1 Gladinet | 1 Centrestack | 2024-08-02 | 7.2 High |
| An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by uploading malicious files to the server. | ||||
| CVE-2023-26775 | 1 Monitorr | 1 Monitorr | 2024-08-02 | 7.8 High |
| File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint. | ||||