Total
2982 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37555 | 1 Zealousweb | 1 Generate Pdf Using Contact Form 7 | 2024-11-21 | N/A | 9.1 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7.This issue affects Generate PDF using Contact Form 7: from n/a through 4.0.6. | |||||
| CVE-2024-37424 | 2024-11-21 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks allows Upload a Web Shell to a Web Server.This issue affects Newspack Blocks: from n/a through 3.0.8. | |||||
| CVE-2024-37420 | 2024-11-21 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in WPZita Zita Elementor Site Library allows Upload a Web Shell to a Web Server.This issue affects Zita Elementor Site Library: from n/a through 1.6.1. | |||||
| CVE-2024-37418 | 2024-11-21 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin allows Upload a Web Shell to a Web Server.This issue affects Church Admin: from n/a through 4.4.6. | |||||
| CVE-2024-37273 | 1 Homebrew | 1 Jan | 2024-11-21 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-36987 | 1 Splunk | 2 Cloud, Splunk | 2024-11-21 | N/A | 4.3 MEDIUM |
| In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200, an authenticated, low-privileged user who does not hold the admin or power Splunk roles could upload a file with an arbitrary extension using the indexing/preview REST endpoint. | |||||
| CVE-2024-36858 | 1 Homebrew | 1 Jan | 2024-11-21 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-36774 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2024-36415 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 9.1 CRITICAL |
| SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, a vulnerability in uploaded file verification in products allows for remote code execution. Versions 7.14.4 and 8.6.1 contain a fix for this issue. | |||||
| CVE-2024-36396 | 1 Verint | 1 Workforce Optimization | 2024-11-21 | N/A | 8.8 HIGH |
| Verint - CWE-434: Unrestricted Upload of File with Dangerous Type | |||||
| CVE-2024-35767 | 1 Squeeze Project | 1 Squeeze | 2024-11-21 | N/A | 9.1 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection.This issue affects Squeeze: from n/a through 1.4. | |||||
| CVE-2024-35746 | 1 Buddypress Cover Project | 1 Buddypress Cover | 2024-11-21 | N/A | 10.0 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through 2.1.4.2. | |||||
| CVE-2024-35593 | 2024-11-21 | N/A | 5.5 MEDIUM | ||
| An arbitrary file upload vulnerability in the File preview function of Raingad IM v4.1.4 allows attackers to execute arbitrary code via uploading a crafted PDF file. | |||||
| CVE-2024-35570 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| An arbitrary file upload vulnerability in the component \controller\ImageUploadController.class of inxedu v2.0.6 allows attackers to execute arbitrary code via uploading a crafted jsp file. | |||||
| CVE-2024-35527 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| An arbitrary file upload vulnerability in /fileupload/upload.cfm in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to execute arbitrary code via uploading a crafted .cfm file. | |||||
| CVE-2024-35080 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| An arbitrary file upload vulnerability in the gok4 method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file. | |||||
| CVE-2024-35079 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| An arbitrary file upload vulnerability in the uploadAudio method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file. | |||||
| CVE-2024-34990 | 2024-11-21 | N/A | 10.0 CRITICAL | ||
| In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods `HelpdeskHelpdeskModuleFrontController::submitTicket()` and `HelpdeskHelpdeskModuleFrontController::replyTicket()` allow upload of .php files on a predictable path for connected customers. | |||||
| CVE-2024-34982 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-34913 | 1 Technocking | 1 R-pan-scaffolding | 2024-11-21 | N/A | 5.4 MEDIUM |
| An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file. | |||||