Total: 2288 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-51410 | 1 Wpvibes | 1 Wp Mail Log | 2024-01-05 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log. This issue affects WP Mail Log: from n/a through 1.1.2. | |||||
| CVE-2023-51411 | 1 Dynamiapps | 1 Frontend Admin | 2024-01-05 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps. This issue affects Frontend Admin by DynamiApps: from n/a through 3.18.3. | |||||
| CVE-2023-51412 | 1 Piotnet | 1 Piotnet Forms | 2024-01-05 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms. This issue affects Piotnet Forms: from n/a through 1.0.25. | |||||
| CVE-2023-51417 | 1 Jorisvm | 1 Jvm Gutenberg Rich Text Icons | 2024-01-05 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons. This issue affects JVM Gutenberg Rich Text Icons: from n/a through 1.2.3. | |||||
| CVE-2023-51419 | 1 Bertha | 1 Bertha Ai | 2024-01-05 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome. This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through 1.11.10.7. | |||||
| CVE-2023-50104 | 1 Zzcms | 1 Zzcms | 2024-01-05 | N/A | 9.8 CRITICAL |
| ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code. | |||||
| CVE-2023-50692 | 1 Jizhicms | 1 Jizhicms | 2024-01-04 | N/A | 8.8 HIGH |
| File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory. | |||||
| CVE-2023-50038 | 1 Textpattern | 1 Textpattern | 2024-01-04 | N/A | 8.8 HIGH |
| There is an arbitrary file upload vulnerability in the background of textpattern cms v4.8.8, which leads to the loss of server permissions. | |||||
| CVE-2023-5931 | 1 Rtcamp | 1 Rtmedia | 2024-01-04 | N/A | 8.8 HIGH |
| The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. subscribers) to upload arbitrary files such as PHP on the server. | |||||
| CVE-2023-5673 | 1 Wpvibes | 1 Wp Mail Log | 2024-01-04 | N/A | 8.8 HIGH |
| The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions when uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution. | |||||
| CVE-2023-52086 | 1 Startutorial | 1 Php Backend For Resumable.js | 2024-01-04 | N/A | 8.1 HIGH |
| resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. (File overwrite hasn't been possible with the code available in GitHub in recent years, however.) | |||||
| CVE-2023-51034 | 1 Totolink | 2 Ex1200l, Ex1200l Firmware | 2024-01-03 | N/A | 9.8 CRITICAL |
| TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi UploadFirmwareFile interface. | |||||
| CVE-2023-42017 | 1 Ibm | 1 Planning Analytics | 2023-12-29 | N/A | 9.8 CRITICAL |
| IBM Planning Analytics Local 2.0 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious script, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 265567. | |||||
| CVE-2023-6976 | 1 Lfprojects | 1 Mlflow | 2023-12-29 | N/A | 8.8 HIGH |
| This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process. | |||||
| CVE-2022-45377 | 1 Codedropz | 1 Drag And Drop Multiple File Upload For Woocommerce | 2023-12-29 | N/A | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload for WooCommerce. This issue affects Drag and Drop Multiple File Upload for WooCommerce: from n/a through 1.0.8. | |||||
| CVE-2023-6562 | 1 Kakadusoftware | 1 Kakadu Sdk | 2023-12-28 | N/A | 7.5 HIGH |
| JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload a specially-crafted image that is displayed back to the attacker. | |||||
| CVE-2022-40981 | 1 Etictelecom | 14 Ras-c-100-lw, Ras-e-100, Ras-e-220 and 11 more | 2023-12-28 | N/A | 10.0 CRITICAL |
| All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior are vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device. | |||||
| CVE-2023-39548 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2023-12-28 | N/A | 8.8 HIGH |
| CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allow an attacker who can log in to the product to execute an arbitrary command. | |||||
| CVE-2022-3549 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2023-12-28 | N/A | 7.2 HIGH |
| A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /csms/admin/?page=user/manage_user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211049 was assigned to this vulnerability. | |||||
| CVE-2023-46149 | 1 Themify | 1 Ultra | 2023-12-28 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through 7.3.5. | |||||
