Export limit exceeded: 353540 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4059 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0265 | 1 Uvdesk | 1 Community-skeleton | 2025-02-13 | 8.8 High |
| Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers. | ||||
| CVE-2023-39147 | 1 Webkul | 1 Uvdesk | 2025-02-13 | 7.8 High |
| An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file. | ||||
| CVE-2022-32114 | 1 Strapi | 1 Strapi | 2025-02-13 | 8.8 High |
| An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library "Create (upload)" permission is supposed to be able to upload PDF files containing JavaScript, and that all files in a public assets folder are accessible to the outside world (unless the filename begins with a dot character). The administrator can choose to allow only image, video, and audio files (i.e., not PDF) if desired. | ||||
| CVE-2023-26857 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2025-02-13 | 7.2 High |
| An arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2024-37273 | 2 Homebrew, Jan | 2 Jan, Jan | 2025-02-13 | 9.8 Critical |
| An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-36858 | 1 Homebrew | 1 Jan | 2025-02-13 | 9.8 Critical |
| An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-36774 | 1 Monstra | 1 Monstra | 2025-02-13 | 7.2 High |
| An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2024-34913 | 2 Rubinchu, Technocking | 2 R-pan-scaffolding, R-pan-scaffolding | 2025-02-13 | 5.4 Medium |
| An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file. | ||||
| CVE-2024-34909 | 1 Kykms | 1 Kykms | 2025-02-13 | 9.8 Critical |
| An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF file. | ||||
| CVE-2024-34906 | 1 Dootask | 1 Dootask | 2025-02-13 | 6.3 Medium |
| An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file. | ||||
| CVE-2022-45171 | 1 Liveboxcloud | 1 Vdesk | 2025-02-13 | 8.8 High |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions. | ||||
| CVE-2024-25034 | 1 Ibm | 1 Planning Analytics Local | 2025-02-12 | 8 High |
| IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks. | ||||
| CVE-2024-40693 | 1 Ibm | 1 Planning Analytics Local | 2025-02-12 | 8 High |
| IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks. | ||||
| CVE-2023-27033 | 1 Cdesigner Project | 1 Cdesigner | 2025-02-12 | 9.8 Critical |
| Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent(). | ||||
| CVE-2023-29375 | 1 Progress | 1 Sitefinity | 2025-02-12 | 9.8 Critical |
| An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector. | ||||
| CVE-2023-1406 | 1 Crocoblock | 1 Jetengine For Elementor | 2025-02-11 | 8.8 High |
| The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. | ||||
| CVE-2023-24720 | 1 Readium | 1 Readium-js | 2025-02-11 | 9.8 Critical |
| An arbitrary file upload vulnerability in readium-js v0.32.0 allows attackers to execute arbitrary code via uploading a crafted EPUB file. | ||||
| CVE-2023-28731 | 1 Acymailing | 1 Acymailing | 2025-02-11 | 9.8 Critical |
| AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0. | ||||
| CVE-2022-47190 | 1 Generex | 2 Cs141, Cs141 Firmware | 2025-02-11 | 10 Critical |
| Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root. | ||||
| CVE-2022-47191 | 1 Generex | 2 Cs141, Cs141 Firmware | 2025-02-11 | 4.3 Medium |
| Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges. | ||||