Total
1159 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9985 | 1 Ragic | 1 Enterprise Cloud Database | 2024-10-16 | N/A | 9.8 CRITICAL |
| Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server. | |||||
| CVE-2024-48782 | 2024-10-16 | N/A | 9.8 CRITICAL | ||
| File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end. | |||||
| CVE-2024-48781 | 2024-10-16 | N/A | 9.8 CRITICAL | ||
| An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a specially constructed so file/opt/EdrawProj-2/plugins/imageformat. | |||||
| CVE-2024-48034 | 2024-10-16 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Fliperrr Team Creates 3D Flipbook, PDF Flipbook allows Upload a Web Shell to a Web Server.This issue affects Creates 3D Flipbook, PDF Flipbook: from n/a through 1.2. | |||||
| CVE-2024-48035 | 2024-10-16 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Takayuki Imanishi ACF Images Search And Insert allows Upload a Web Shell to a Web Server.This issue affects ACF Images Search And Insert: from n/a through 1.1.4. | |||||
| CVE-2024-49257 | 2024-10-16 | N/A | 10.0 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting allows Upload a Web Shell to a Web Server.This issue affects Azz Anonim Posting: from n/a through 0.9. | |||||
| CVE-2024-48027 | 2024-10-16 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in xaraartech External featured image from bing allows Upload a Web Shell to a Web Server.This issue affects External featured image from bing: from n/a through 1.0.2. | |||||
| CVE-2024-47649 | 2024-10-16 | N/A | 9.1 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in THATplugin Iconize.This issue affects Iconize: from n/a through 1.2.4. | |||||
| CVE-2021-4443 | 2024-10-16 | N/A | 9.8 CRITICAL | ||
| The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code. | |||||
| CVE-2024-49260 | 2024-10-16 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7. | |||||
| CVE-2024-49216 | 2024-10-16 | N/A | 10.0 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Clayton Feed Comments Number allows Upload a Web Shell to a Web Server.This issue affects Feed Comments Number: from n/a through 0.2.1. | |||||
| CVE-2024-49242 | 2024-10-16 | N/A | 10.0 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery allows Upload a Web Shell to a Web Server.This issue affects Digital Lottery: from n/a through 3.0.5. | |||||
| CVE-2024-9794 | 1 Codezips | 1 Online Shopping Portal | 2024-10-15 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0. This issue affects some unknown processing of the file /update-image1.php. The manipulation of the argument productimage1 leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-42640 | 2024-10-15 | N/A | 9.8 CRITICAL | ||
| angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of previously uploaded content and enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-46088 | 2024-10-15 | N/A | 9.8 CRITICAL | ||
| An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-9280 | 1 Kvf-admin Project | 1 Kvf-admin | 2024-10-04 | 5.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff and classified as critical. This vulnerability affects the function fileUpload of the file FileUploadKit.java. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | |||||
| CVE-2024-9108 | 2024-10-04 | N/A | 9.8 CRITICAL | ||
| The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'convert_remoteimage_to_local' function in versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2024-7772 | 1 Artbees | 1 Jupiter X Core | 2024-10-02 | N/A | 9.8 CRITICAL |
| The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2024-8940 | 1 Scriptcase | 1 Scriptcase | 2024-10-01 | N/A | 9.8 CRITICAL |
| Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request. An attacker could upload malicious files to the server due to the application not properly verifying user input. | |||||
| CVE-2024-9038 | 1 Codezips | 1 Online Shopping Portal | 2024-09-27 | 4.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as problematic was found in Codezips Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation of the argument productimage1/productimage2/productimage3 leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||