Total
4006 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-29657 | 1 Extplorer | 1 Extplorer | 2025-01-24 | 8.8 High |
| eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code executions. | ||||
| CVE-2024-25994 | 1 Phoenixcontact | 12 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 9 more | 2025-01-24 | 5.3 Medium |
| An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write only. | ||||
| CVE-2023-30333 | 1 Perfree | 1 Perfreeblog | 2025-01-23 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2023-31576 | 1 S9y | 1 Serendipity | 2025-01-23 | 8.8 High |
| An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file. | ||||
| CVE-2024-22426 | 1 Dell | 1 Recoverpoint For Virtual Machines | 2025-01-23 | 7.2 High |
| Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise. | ||||
| CVE-2023-31857 | 1 Oretnom23 | 1 Online Computer And Laptop Store | 2025-01-23 | 9.8 Critical |
| Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is /classes/Users.php?f=save. | ||||
| CVE-2024-29974 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2025-01-22 | 9.8 Critical |
| ** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device. | ||||
| CVE-2024-2406 | 1 Gacjie Server Project | 1 Gacjie Server | 2025-01-22 | 5.4 Medium |
| A vulnerability, which was classified as critical, was found in Gacjie Server up to 1.0. This affects the function index of the file /app/admin/controller/Upload.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256503. | ||||
| CVE-2022-42443 | 1 Ibm | 2 Trusteer Android Sdk For Mobile, Trusteer Ios Sdk For Mobile | 2025-01-22 | 2.2 Low |
| An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535. | ||||
| CVE-2023-2776 | 1 Simple Photo Gallery Project | 1 Simple Photo Gallery | 2025-01-21 | 6.3 Medium |
| A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-229282 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-3488 | 1 Microfocus | 1 Imanager | 2025-01-21 | 5.6 Medium |
| File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without authentication. | ||||
| CVE-2024-3483 | 1 Microfocus | 1 Imanager | 2025-01-21 | 7.8 High |
| Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues. | ||||
| CVE-2024-4197 | 1 Avaya | 1 Ip Office | 2025-01-21 | 9.9 Critical |
| An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1. | ||||
| CVE-2023-28652 | 1 Sauter-controls | 2 Ey-as525f001, Ey-as525f001 Firmware | 2025-01-17 | 6.5 Medium |
| An authenticated malicious user could successfully upload a malicious image could lead to a denial-of-service condition. | ||||
| CVE-2022-46660 | 1 Ge | 1 Proficy Historian | 2025-01-16 | 7.5 High |
| An unauthorized user could alter or write files with full control over the path and content of the file. | ||||
| CVE-2023-2888 | 1 Phpok | 1 Phpok | 2025-01-16 | 4.7 Medium |
| A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-229953 was assigned to this vulnerability. | ||||
| CVE-2023-47711 | 1 Ibm | 1 Security Guardium | 2025-01-14 | 2.7 Low |
| IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that would cause a denial of service. IBM X-Force ID: 271526. | ||||
| CVE-2023-32686 | 1 Kiwitcms | 1 Kiwi Tcms | 2025-01-14 | 8.1 High |
| Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded. The upload validation checks were not robust enough which left the possibility of an attacker to circumvent them and upload a potentially dangerous file. Exploiting this flaw, a combination of files could be uploaded so that they work together to circumvent the existing Content-Security-Policy and allow execution of arbitrary JavaScript in the browser. This issue has been patched in version 12.3. | ||||
| CVE-2023-28353 | 2 Faronics, Microsoft | 2 Insight, Windows | 2025-01-13 | 8.8 High |
| An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to chain this vulnerability with others to cause a deployed DLL file to immediately execute as NT AUTHORITY/SYSTEM. | ||||
| CVE-2024-13138 | 1 Wangl1989 | 1 Mysiteforme | 2025-01-10 | 4.7 Medium |
| A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/LocalUploadServiceImpl. The manipulation of the argument test leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||