Total
4133 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27753 | 2026-06-17 | N/A | 8.0 HIGH | ||
| An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2023-27602 | 1 Apache | 1 Linkis | 2026-06-17 | N/A | 9.8 CRITICAL |
| In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2. For versions <=1.3.1, we suggest turning on the file path check switch in linkis.properties `wds.linkis.workspace.filesystem.owner.check=true` `wds.linkis.workspace.filesystem.path.check=true` | |||||
| CVE-2023-27440 | 2026-06-17 | N/A | 7.2 HIGH | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types.This issue affects Types: from n/a through 3.4.17. | |||||
| CVE-2023-27397 | 1 Microengine | 1 Mailform | 2026-06-17 | N/A | 9.8 CRITICAL |
| Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it. | |||||
| CVE-2023-27246 | 1 Mk-auth | 1 Mk-auth | 2026-06-17 | N/A | 8.8 HIGH |
| An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file. | |||||
| CVE-2023-27235 | 1 Jizhicms | 1 Jizhicms | 2026-06-17 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file. | |||||
| CVE-2023-27179 | 1 Gdidees | 1 Gdidees Cms | 2026-06-17 | N/A | 7.5 HIGH |
| GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php. | |||||
| CVE-2023-27178 | 1 Gdidees | 1 Gdidees Cms | 2026-06-17 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2023-27168 | 1 Xpand-it | 1 Write-back Manager | 2026-06-17 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file. | |||||
| CVE-2023-27083 | 1 Pluck-cms | 1 Pluck | 2026-06-17 | N/A | 7.2 HIGH |
| An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality. | |||||
| CVE-2023-27033 | 1 Cdesigner Project | 1 Cdesigner | 2026-06-17 | N/A | 9.8 CRITICAL |
| Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent(). | |||||
| CVE-2023-26968 | 1 Atrocore | 1 Atrocore | 2026-06-17 | N/A | 9.8 CRITICAL |
| In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyphicon-paperclip function is vulnerable to Unauthenticated File upload. | |||||
| CVE-2023-26949 | 1 Onekeyadmin | 1 Onekeyadmin | 2026-06-17 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2023-26857 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2026-06-17 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2023-26852 | 1 Textpattern | 1 Textpattern | 2026-06-17 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file. | |||||
| CVE-2023-26830 | 1 Gladinet | 1 Centrestack | 2026-06-17 | N/A | 7.2 HIGH |
| An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by uploading malicious files to the server. | |||||
| CVE-2023-26775 | 1 Monitorr | 1 Monitorr | 2026-06-17 | N/A | 7.8 HIGH |
| File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint. | |||||
| CVE-2023-26762 | 1 Smeup | 1 Erp | 2026-06-17 | N/A | 8.8 HIGH |
| Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability. | |||||
| CVE-2023-26690 | 1 Cs-cart | 1 Cs-cart Multivendor | 2026-06-17 | N/A | 8.8 HIGH |
| File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu. | |||||
| CVE-2023-26686 | 1 Cs-cart | 1 Cs-cart Multivendor | 2026-06-17 | N/A | 9.8 CRITICAL |
| File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop. | |||||
