Total
2510 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0415 | 1 Gogs | 1 Gogs | 2024-08-02 | 8.8 High |
| Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6. | ||||
| CVE-2022-0242 | 1 Craterapp | 1 Crater | 2024-08-02 | 7.2 High |
| Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0. | ||||
| CVE-2023-52324 | 1 Trendmicro | 1 Apex Central | 2024-08-02 | 8.8 High |
| An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any valid set of credentials. Also, this vulnerability could be potentially used in combination with another vulnerability to execute arbitrary code. | ||||
| CVE-2023-52086 | 1 Startutorial | 1 Php Backend For Resumable.js | 2024-08-02 | 8.1 High |
| resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. (File overwrite hasn't been possible with the code available in GitHub in recent years, however.) | ||||
| CVE-2023-51925 | 1 Yonyou | 1 Yonbip | 2024-08-02 | 9.8 Critical |
| An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2023-51924 | 1 Yonyou | 1 Yonbip | 2024-08-02 | 9.8 Critical |
| An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2023-51806 | 1 Ujcms | 1 Ujcms | 2024-08-02 | 5.4 Medium |
| File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file. | ||||
| CVE-2023-51590 | 2024-08-02 | N/A | ||
| Voltronic Power ViewPower Pro UpLoadAction Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpLoadAction class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22080. | ||||
| CVE-2023-51475 | 1 Wpmlmsoftware | 1 Wp Mlm Unilevel | 2024-08-02 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN.This issue affects WP MLM SOFTWARE PLUGIN: from n/a through 4.0. | ||||
| CVE-2023-51473 | 1 Pixelemu | 1 Terraclassifieds | 2024-08-02 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin.This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3. | ||||
| CVE-2023-51410 | 1 Wpvibes | 1 Wp Mail Log | 2024-08-02 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log.This issue affects WP Mail Log: from n/a through 1.1.2. | ||||
| CVE-2023-51417 | 1 Jorisvm | 1 Jvm Gutenberg Rich Text Icons | 2024-08-02 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons.This issue affects JVM Gutenberg Rich Text Icons: from n/a through 1.2.3. | ||||
| CVE-2023-51411 | 1 Dynamiapps | 1 Frontend Admin | 2024-08-02 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps.This issue affects Frontend Admin by DynamiApps: from n/a through 3.18.3. | ||||
| CVE-2023-51419 | 1 Bertha | 1 Bertha Ai | 2024-08-02 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through 1.11.10.7. | ||||
| CVE-2023-51421 | 1 Soft8soft | 1 Verge3d | 2024-08-02 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. | ||||
| CVE-2023-51412 | 1 Piotnet | 1 Piotnet Forms | 2024-08-02 | 9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms.This issue affects Piotnet Forms: from n/a through 1.0.25. | ||||
| CVE-2023-50982 | 1 Studip | 1 Stud.ip | 2024-08-02 | 9 Critical |
| Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7, and 5.0.9. | ||||
| CVE-2023-50922 | 1 Gl-inet | 24 Gl-a1300, Gl-a1300 Firmware, Gl-ar300m and 21 more | 2024-08-02 | 7.2 High |
| An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. | ||||
| CVE-2023-50717 | 2024-08-02 | 5.7 Medium | ||
| NocoDB is software for building databases as spreadsheets. Starting in verson 0.202.6 and prior to version 0.202.10, an attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading stored cross-site scripting attack. This allows remote attacker to execute JavaScript code in the context of the user accessing the vector. An attacker could have used this vulnerability to execute requests in the name of a logged-in user or potentially collect information about the attacked user by displaying a malicious form. Version 0.202.10 contains a patch for the issue. | ||||
| CVE-2023-50729 | 1 Traccar | 1 Traccar | 2024-08-02 | 8.5 High |
| Traccar is an open source GPS tracking system. Prior to 5.11, Traccar is affected by an unrestricted file upload vulnerability in File feature allows attackers to execute arbitrary code on the server. This vulnerability is more prevalent because Traccar is recommended to run web servers as root user. It is also more dangerous because it can write or overwrite files in arbitrary locations. Version 5.11 was published to fix this vulnerability. | ||||