Total
2498 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-25921 | 2024-08-26 | 8.5 High | ||
| IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 247620. | ||||
| CVE-2024-31280 | 2024-08-26 | 9.9 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.5. | ||||
| CVE-2023-50760 | 1 Kashipara | 1 Online Notice Board System | 2024-08-26 | 8.8 High |
| Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | ||||
| CVE-2024-7987 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2024-08-26 | N/A |
| A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability and a threat actor must abuse the ThinServer™ service by creating a junction and use it to upload arbitrary files. | ||||
| CVE-2024-40318 | 1 Webkul | 1 Qloapps | 2024-08-26 | 7.2 High |
| An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-35570 | 2024-08-26 | 9.8 Critical | ||
| An arbitrary file upload vulnerability in the component \controller\ImageUploadController.class of inxedu v2.0.6 allows attackers to execute arbitrary code via uploading a crafted jsp file. | ||||
| CVE-2024-25627 | 2024-08-26 | 3.5 Low | ||
| Alf.io is a free and open source event attendance management system. An administrator on the alf.io application is able to upload HTML files that trigger JavaScript payloads. As such, an attacker gaining administrative access to the alf.io application may be able to persist access by planting an XSS payload. This issue has been addressed in version 2.0-M4-2402. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-3436 | 2024-08-26 | 6.3 Medium | ||
| A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Admin/edit-photo.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259630 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-45171 | 1 Liveboxcloud | 1 Vdesk | 2024-08-26 | 8.8 High |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions. | ||||
| CVE-2024-22060 | 2024-08-25 | N/A | ||
| An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server. | ||||
| CVE-2024-1035 | 1 Openbi Project | 1 Openbi | 2024-08-23 | 7.3 High |
| A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function uploadIcon of the file /application/index/controller/Icon.php. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252310 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-1116 | 1 Openbi | 1 Openbi | 2024-08-23 | 7.3 High |
| A vulnerability was found in openBI up to 1.0.8. It has been classified as critical. Affected is the function index of the file /application/plugins/controller/Upload.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-252474 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-52221 | 1 Ukrsolution | 1 Barcode Scanner And Inventory Manager | 2024-08-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager.This issue affects Barcode Scanner and Inventory manager: from n/a through 1.5.1. | ||||
| CVE-2024-27964 | 2024-08-23 | 8.8 High | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Gesundheit Bewegt GmbH Zippy.This issue affects Zippy: from n/a through 1.6.9. | ||||
| CVE-2024-42523 | 1 Publiccms | 1 Publiccms | 2024-08-23 | 7.2 High |
| publiccms V4.0.202302.e and before is vulnerable to Any File Upload via publiccms/admin/cmsTemplate/saveMetaData | ||||
| CVE-2024-4961 | 2024-08-23 | 6.3 Medium | ||
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-7000-40 V31R02B1413C. Affected by this vulnerability is an unknown functionality of the file /user/onlineuser.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264529 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | ||||
| CVE-2024-6114 | 1 Janobe | 1 Monbela Tourist Inn Online Reservation System | 2024-08-23 | 7.3 High |
| A vulnerability classified as critical has been found in itsourcecode Monbela Tourist Inn Online Reservation System up to 1.0. Affected is an unknown function of the file controller.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268866 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-7329 | 1 Youdiancms | 1 Youdiancms | 2024-08-23 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in YouDianCMS 7. Affected is an unknown function of the file /Public/ckeditor/plugins/multiimage/dialogs/image_upload.php. The manipulation of the argument files leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273252. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-2849 | 2024-08-23 | 6.3 Medium | ||
| A vulnerability classified as critical was found in SourceCodester Simple File Manager 1.0. This vulnerability affects unknown code. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257770 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-42767 | 1 Kashipara | 1 Hotel Management System | 2024-08-23 | 7.2 High |
| Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php. | ||||