Total
2765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-2890 | 2024-03-28 | N/A | N/A | ||
Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Tumult Hype Animations. This issue affects Tumult Hype Animations: from n/a through 1.9.12. | |||||
CVE-2022-40896 | 1 Pygments | 1 Pygments | 2024-03-28 | N/A | 5.5 MEDIUM |
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer. | |||||
CVE-2023-23656 | 2024-03-27 | N/A | N/A | ||
Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension. This issue affects MainWP File Uploader Extension: from n/a through 4.1. | |||||
CVE-2023-49815 | 2024-03-27 | N/A | N/A | ||
Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress. This issue affects WappPress: from n/a through 5.0.3. | |||||
CVE-2023-27440 | 2024-03-27 | N/A | N/A | ||
Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types. This issue affects Types: from n/a through 3.4.17. | |||||
CVE-2023-47842 | 2024-03-27 | N/A | N/A | ||
Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog. This issue affects CataBlog: from n/a through 1.7.0. | |||||
CVE-2023-48275 | 2024-03-27 | N/A | N/A | ||
Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews. This issue affects Widgets for Google Reviews: from n/a through 11.0.2. | |||||
CVE-2023-6091 | 2024-03-27 | N/A | N/A | ||
Unrestricted Upload of File with Dangerous Type vulnerability in mndpsingh287 Theme Editor. This issue affects Theme Editor: from n/a through 2.7.1. | |||||
CVE-2023-29386 | 2024-03-27 | N/A | N/A | ||
Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon. This issue affects Manager for Icomoon: from n/a through 2.0. | |||||
CVE-2024-2636 | 2024-03-19 | N/A | N/A | ||
An Unrestricted Upload of File vulnerability has been found in Cegid Meta4 HR that allows an attacker to upload malicious files to the server via the '/config/espanol/update_password.jsp' file. By modifying the 'M4_NEW_PASSWORD' parameter, an attacker could store a malicious JSP file inside the file directory, to be executed when the file is loaded in the application. | |||||
CVE-2021-22937 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-02-27 | 6.5 MEDIUM | 7.2 HIGH |
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface. | |||||
CVE-2019-12170 | 1 Atutor | 1 Atutor | 2024-02-14 | 9.0 HIGH | 8.8 HIGH |
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. | |||||
CVE-2020-36141 | 1 Bloofox | 1 Bloofoxcms | 2024-02-14 | 6.5 MEDIUM | 8.8 HIGH |
BloofoxCMS 0.5.2.1 allows Unrestricted File Upload by bypassing MIME type validation through inserting 'image/jpeg' within the 'Content-Type' header. | |||||
CVE-2022-29347 | 1 Web\@rchiv Project | 1 Web\@rchiv | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a crafted PHP file. | |||||
CVE-2020-20287 | 1 Yccms | 1 Yccms | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper judgment of the request parameters triggers remote code execution. | |||||
CVE-2021-38697 | 1 Softvibe | 1 Saraban | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
SoftVibe SARABAN for INFOMA 1.1 allows unauthenticated unrestricted file upload, which allows attackers to upload files with any file extension and can lead to arbitrary code execution. | |||||
CVE-2006-5845 | 1 Speedywiki | 1 Speedywiki | 2024-02-14 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1. | |||||
CVE-2019-12185 | 1 Elabftw | 1 Elabftw | 2024-02-14 | 9.0 HIGH | 8.8 HIGH |
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. | |||||
CVE-2023-6675 | 1 Nationalkeep | 1 Cybermath | 2024-02-06 | N/A | 9.8 CRITICAL |
Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security Services CyberMath allows Upload a Web Shell to a Web Server. This issue affects CyberMath: from v.1.4 before v.1.5. | |||||
CVE-2021-41645 | 1 Oretnom23 | 1 Budget And Expense Tracker System | 2024-02-03 | 6.5 MEDIUM | 8.8 HIGH |
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. |