Total
2765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-49326 | 1 Vasiliskerasiotis | 1 Affiliator | 2024-10-24 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Vasilis Kerasiotis Affiliator allows Upload a Web Shell to a Web Server.This issue affects Affiliator: from n/a through 2.1.3. | |||||
| CVE-2024-49324 | 1 Sovratec | 1 Sovratec Case Management | 2024-10-24 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Sovratec Sovratec Case Management allows Upload a Web Shell to a Web Server.This issue affects Sovratec Case Management: from n/a through 1.0.0. | |||||
| CVE-2024-49327 | 1 Asepbagjapriandana | 1 Woostagram Connect | 2024-10-24 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Asep Bagja Priandana Woostagram Connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through 1.0.2. | |||||
| CVE-2024-49329 | 1 Vivektamrakar | 1 Wp Rest Api Fns | 2024-10-24 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Vivek Tamrakar WP REST API FNS allows Upload a Web Shell to a Web Server.This issue affects WP REST API FNS: from n/a through 1.0.0. | |||||
| CVE-2024-49330 | 1 Brx8r | 1 Nice Backgrounds | 2024-10-24 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds allows Upload a Web Shell to a Web Server.This issue affects Nice Backgrounds: from n/a through 1.0. | |||||
| CVE-2024-49331 | 1 Myriadsolutionz | 1 Property Lot Management System | 2024-10-24 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System allows Upload a Web Shell to a Web Server.This issue affects Property Lot Management System: from n/a through 4.2.38. | |||||
| CVE-2024-49607 | 1 Redwanhilali | 1 Wp Dropbox Dropins | 2024-10-24 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Redwan Hilali WP Dropbox Dropins allows Upload a Web Shell to a Web Server.This issue affects WP Dropbox Dropins: from n/a through 1.0. | |||||
| CVE-2024-49610 | 1 Jackzhu | 1 Photokit | 2024-10-24 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Jack Zhu allows Upload a Web Shell to a Web Server.This issue affects photokit: from n/a through 1.0. | |||||
| CVE-2024-10201 | 1 Wellchoose | 1 Administrative Management System | 2024-10-24 | N/A | 8.8 HIGH |
| Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells. | |||||
| CVE-2024-49611 | 1 Paxman | 1 Product Website Showcase | 2024-10-23 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Paxman Product Website Showcase allows Upload a Web Shell to a Web Server.This issue affects Product Website Showcase: from n/a through 1.0. | |||||
| CVE-2024-10161 | 1 Phpgurukul | 1 Boat Booking System | 2024-10-21 | N/A | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file change-image.php of the component Update Boat Image Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-45802 | 1 Apache | 1 Streampark | 2024-10-21 | N/A | 9.8 CRITICAL |
| Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later | |||||
| CVE-2024-45136 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2024-10-18 | N/A | 7.8 HIGH |
| InCopy versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. Exploitation of this issue requires user interaction. | |||||
| CVE-2024-45137 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-10-18 | N/A | 7.8 HIGH |
| InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which, when executed, could run arbitrary code in the context of the server. Exploitation of this issue requires user interaction. | |||||
| CVE-2024-47423 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2024-10-18 | N/A | 7.8 HIGH |
| Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which can be automatically processed or executed by the system. Exploitation of this issue requires user interaction. | |||||
| CVE-2024-49291 | 2024-10-18 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0. | |||||
| CVE-2024-49314 | 2024-10-18 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in ?? JiangQie Free Mini Program allows Upload a Web Shell to a Web Server.This issue affects JiangQie Free Mini Program: from n/a through 2.5.2. | |||||
| CVE-2024-49398 | 2024-10-18 | N/A | N/A | ||
| The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute code. | |||||
| CVE-2023-6846 | 1 Filemanagerpro | 1 File Manager | 2024-10-18 | N/A | 8.8 HIGH |
| The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server. Version 8.3.5 introduces a capability check that prevents users lower than admin from executing this function. | |||||
| CVE-2024-8918 | 1 Filemanagerpro | 1 File Manager | 2024-10-17 | N/A | 5.4 MEDIUM |
| The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. This makes it possible for unauthenticated attackers, with permissions granted by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting. | |||||