Total
3382 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27903 | 1 Openvpn | 1 Openvpn | 2024-11-21 | 9.8 Critical |
| OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service. | ||||
| CVE-2024-27733 | 2024-11-21 | 7.7 High | ||
| File Upload vulnerability in Byzro Network Smart s42 Management Platform v.S42 allows a local attacker to execute arbitrary code via the useratte/userattestation.php component. | ||||
| CVE-2024-27311 | 1 Zohocorp | 1 Manageengine Ddi Central | 2024-11-21 | 5.5 Medium |
| Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder. | ||||
| CVE-2024-25674 | 1 Misp | 1 Misp | 2024-11-21 | 9.8 Critical |
| An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type. | ||||
| CVE-2024-24550 | 1 Bludit | 1 Bludit | 2024-11-21 | N/A |
| A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files. | ||||
| CVE-2024-24202 | 1 Easycorp | 3 Zentao, Zentao Biz, Zentao Max | 2024-11-21 | 9.8 Critical |
| An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file. | ||||
| CVE-2024-24024 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | 9.8 Critical |
| An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download. | ||||
| CVE-2024-23811 | 1 Siemens | 1 Sinec Nms | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution. | ||||
| CVE-2024-22550 | 1 Shopsite | 1 Shopsite | 2024-11-21 | 6.1 Medium |
| An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file. | ||||
| CVE-2024-22263 | 2024-11-21 | 8.8 High | ||
| Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api can use a crafted upload request to write arbitrary file to any location on file system, may even compromises the server. | ||||
| CVE-2024-1659 | 1 Megabip | 1 Megabip | 2024-11-21 | 9.8 Critical |
| Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server (including a PHP code file) without an authentication. This issue affects MegaBIP software versions through 5.10. | ||||
| CVE-2024-1532 | 2024-11-21 | 6.8 Medium | ||
| A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could enforce diagnostic texts being displayed as empty strings, if an authorized user uploads a specially crafted stb-language file. | ||||
| CVE-2024-1531 | 2024-11-21 | 8.2 High | ||
| A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. A malicious actor could print random memory content in the RTU500 system log, if an authorized user uploads a specially crafted stb-language file. | ||||
| CVE-2024-1268 | 1 Restaurant Pos System Project | 1 Restaurant Pos System | 2024-11-21 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in CodeAstro Restaurant POS System 1.0. This affects an unknown part of the file update_product.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253011. | ||||
| CVE-2024-1264 | 1 Juanpao | 1 Jpshop | 2024-11-21 | 6.3 Medium |
| A vulnerability has been found in Juanpao JPShop up to 1.5.02 and classified as critical. Affected by this vulnerability is the function actionUpdate of the file /api/controllers/common/UploadsController.php. The manipulation of the argument imgage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253003. | ||||
| CVE-2024-1263 | 1 Juanpao | 1 Jpshop | 2024-11-21 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in Juanpao JPShop up to 1.5.02. Affected is the function actionUpdate of the file /api/controllers/merchant/shop/PosterController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-253002 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-1262 | 1 Juanpao | 1 Jpshop | 2024-11-21 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02. This issue affects the function actionUpdate of the file /api/controllers/merchant/design/MaterialController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-253001 was assigned to this vulnerability. | ||||
| CVE-2024-1116 | 1 Openbi | 1 Openbi | 2024-11-21 | 7.3 High |
| A vulnerability was found in openBI up to 1.0.8. It has been classified as critical. Affected is the function index of the file /application/plugins/controller/Upload.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-252474 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-1113 | 1 Openbi | 1 Openbi | 2024-11-21 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadUnity of the file /application/index/controller/Unity.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252471. | ||||
| CVE-2024-1036 | 1 Openbi | 1 Openbi | 2024-11-21 | 7.3 High |
| A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function uploadIcon of the file /application/index/controller/Screen.php of the component Icon Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252311. | ||||