Total
2510 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-46149 | 1 Themify | 1 Ultra | 2024-08-02 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra.This issue affects Themify Ultra: from n/a through 7.3.5. | ||||
| CVE-2023-45724 | 1 Hcltech | 1 Dryice Myxalytics | 2024-08-02 | 8.2 High |
| HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication. | ||||
| CVE-2023-45603 | 1 Plugin-planet | 1 User Submitted Posts | 2024-08-02 | 9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902. | ||||
| CVE-2023-44763 | 1 Concretecms | 1 Concrete Cms | 2024-08-02 | 5.4 Medium |
| Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting (XSS). NOTE: the vendor's position is that a customer is supposed to know that "pdf" should be excluded from the allowed file types, even though pdf is one of the allowed file types in the default configuration. | ||||
| CVE-2023-45197 | 2 Adminer, Adminerevo | 2 Adminer, Adminerevo | 2024-08-02 | 9.8 Critical |
| The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table name of “..” to the root of the Adminer directory. The attacker can effectively guess the name of the uploaded file and execute it. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.3. | ||||
| CVE-2023-45188 | 1 Ibm | 1 Engineering Lifecycle Optimization - Publishing | 2024-08-02 | 6.5 Medium |
| IBM Engineering Lifecycle Optimization Publishing 7.0.2 and 7.03 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 268751. | ||||
| CVE-2023-42017 | 1 Ibm | 1 Planning Analytics | 2024-08-02 | 8 High |
| IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567. | ||||
| CVE-2023-41998 | 1 Arcserve | 1 Udp | 2024-08-02 | 9.8 Critical |
| Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacker to upload and execute arbitrary files. | ||||
| CVE-2023-41812 | 1 Artica | 1 Pandora Fms | 2024-08-02 | 5.7 Medium |
| Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allowed PHP executable files to be uploaded through the file manager. This issue affects Pandora FMS: from 700 through 773. | ||||
| CVE-2023-41788 | 1 Artica | 1 Pandora Fms | 2024-08-02 | 7.6 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allows attackers to execute code via PHP file uploads. This issue affects Pandora FMS: from 700 through 773. | ||||
| CVE-2023-41638 | 1 Grupposcai | 1 Realgimm | 2024-08-02 | 8.8 High |
| An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2023-41637 | 1 Grupposcai | 1 Realgimm | 2024-08-02 | 9.8 Critical |
| An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file. | ||||
| CVE-2023-41108 | 1 Tef | 1 Tef Portal | 2024-08-02 | 8.8 High |
| TEF portal 2023-07-17 is vulnerable to authenticated remote code execution. | ||||
| CVE-2023-41009 | 1 Adlered | 1 Bolo-solo | 2024-08-02 | 9.8 Critical |
| File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a crafted script to the authorization field in the header. | ||||
| CVE-2023-40980 | 1 Diaowen | 1 Dwsurvey | 2024-08-02 | 9.8 Critical |
| File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file. | ||||
| CVE-2023-40825 | 1 Perfree | 1 Perfreeblog | 2024-08-02 | 7.2 High |
| An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list. | ||||
| CVE-2023-40731 | 1 Siemens | 1 Qms Automotive | 2024-08-02 | 5.7 Medium |
| A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application allows users to upload arbitrary file types. This could allow an attacker to upload malicious files, that could potentially lead to code tampering. | ||||
| CVE-2024-27923 | 2024-08-02 | 8.8 High | ||
| Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue. | ||||
| CVE-2023-40460 | 1 Sierrawireless | 8 Aleos, Es450, Gx450 and 5 more | 2024-08-02 | 7.1 High |
| The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted. | ||||
| CVE-2023-40265 | 1 Mitel | 1 Unify Openscape Xpressions Webassistant | 2024-08-02 | 8.8 High |
| An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload. | ||||