Total
2498 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-25410 | 2024-08-28 | 6.5 Medium | ||
flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in update_setting.php. | ||||
CVE-2023-5524 | 1 M-files | 1 Web Companion | 2024-08-28 | 8.2 High |
Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution via specific file types | ||||
CVE-2024-1819 | 2024-08-28 | 4.7 Medium | ||
A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the component Add Members Tab. The manipulation of the argument Member Photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254607. | ||||
CVE-2024-1875 | 2024-08-28 | 6.3 Medium | ||
A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as critical. This issue affects some unknown processing of the file users/register-complaint.php of the component Lodge Complaint Section. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254723. | ||||
CVE-2024-26503 | 2024-08-28 | 9.1 Critical | ||
Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint. | ||||
CVE-2024-28423 | 2024-08-27 | 9.8 Critical | ||
Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file. | ||||
CVE-2024-0468 | 1 Code-projects | 1 Fighting Cock Information System | 2024-08-27 | 6.3 Medium |
A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/new-father.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250573 was assigned to this vulnerability. | ||||
CVE-2024-28713 | 2024-08-27 | 9.8 Critical | ||
An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature. | ||||
CVE-2023-41506 | 2024-08-27 | 9.8 Critical | ||
An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
CVE-2024-1113 | 1 Openbi | 1 Openbi | 2024-08-27 | 6.3 Medium |
A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadUnity of the file /application/index/controller/Unity.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252471. | ||||
CVE-2024-27283 | 2024-08-27 | 7.2 High | ||
A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application administrator can upload potentially malicious files to arbitrary locations on the server on which the application is installed. | ||||
CVE-2023-6887 | 1 Forestblog Project | 1 Forestblog | 2024-08-27 | 6.3 Medium |
A vulnerability classified as critical has been found in saysky ForestBlog up to 20220630. This affects an unknown part of the file /admin/upload/img of the component Image Upload Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248247. | ||||
CVE-2024-8170 | 2 Rems, Sourcecodester | 2 Zipped Folder Manager App, Zipped Folder Manager App | 2024-08-27 | 3.5 Low |
A vulnerability classified as problematic has been found in SourceCodester Zipped Folder Manager App 1.0. This affects an unknown part of the file /endpoint/add-folder.php. The manipulation of the argument folder leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-23811 | 2024-08-27 | 8.8 High | ||
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution. | ||||
CVE-2024-25918 | 2024-08-27 | 9.9 Critical | ||
Unrestricted Upload of File with Dangerous Type vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.8. | ||||
CVE-2024-8089 | 2 E-commerce System Project, Janobe | 2 E-commerce System, E-commerce System | 2024-08-27 | 6.3 Medium |
A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been classified as critical. Affected is an unknown function of the file /ecommerce/admin/products/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2024-8166 | 1 Ruijie | 2 Eg2000k, Eg2000k Firmware | 2024-08-27 | 4.7 Medium |
A vulnerability has been found in Ruijie EG2000K 11.1(6)B2 and classified as critical. This vulnerability affects unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the argument content leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2024-27733 | 2024-08-26 | 7.7 High | ||
File Upload vulnerability in Byzro Network Smart s42 Management Platform v.S42 allows a local attacker to execute arbitrary code via the useratte/userattestation.php component. | ||||
CVE-2023-51468 | 1 Boiteasite | 1 Download Rencontre - Dating Site | 2024-08-26 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre – Dating Site.This issue affects Rencontre – Dating Site: from n/a through 3.10.1. | ||||
CVE-2024-25674 | 1 Misp | 1 Misp | 2024-08-26 | 9.8 Critical |
An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type. |