Total
4115 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5145 | 1 Warrendaloyan | 1 Vehicle Management System | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265289 was assigned to this vulnerability. | |||||
| CVE-2024-5084 | 1 Hashthemes | 1 Hash Form | 2026-06-17 | N/A | 9.8 CRITICAL |
| The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2024-5080 | 1 Tipsandtricks-hq | 1 Wp Emember | 2026-06-17 | N/A | 8.8 HIGH |
| The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server | |||||
| CVE-2024-5050 | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 up to 20240516. This affects an unknown part of the file /?g=log_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-264747. | |||||
| CVE-2024-5049 | 1 Codezips | 1 E-commerce Site | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in Codezips E-Commerce Site 1.0. Affected by this issue is some unknown functionality of the file admin/editproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-264746 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-5047 | 1 Kabir-m-alhasan | 1 Student Management System | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in SourceCodester Student Management System 1.0. Affected is an unknown function of the file /student/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264744. | |||||
| CVE-2024-5043 | 1 Emlog | 1 Emlog | 2026-06-17 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in Emlog Pro 2.3.4 and classified as critical. Affected by this issue is some unknown functionality of the file admin/setting.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264740. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-5008 | 1 Progress | 1 Whatsup Gold | 2026-06-17 | N/A | 8.8 HIGH |
| In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController. | |||||
| CVE-2024-58349 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress installation. | |||||
| CVE-2024-58348 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary code on the server. | |||||
| CVE-2024-58313 | 1 Xbtitfm | 1 Xbtitfm | 2026-06-17 | N/A | 7.2 HIGH |
| xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the file_hosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif, adding GIF89a magic bytes, and using alternate PHP tags to upload web shells that execute system commands. | |||||
| CVE-2024-58298 | 2026-06-17 | N/A | N/A | ||
| Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute arbitrary commands by sending POST requests to the uploaded JSP endpoint. | |||||
| CVE-2024-58295 | 2026-06-17 | N/A | N/A | ||
| ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing the uploaded file in the theme directory. | |||||
| CVE-2024-58283 | 1 Wbce | 1 Wbce Cms | 2026-06-17 | N/A | 8.8 HIGH |
| WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary system commands through a user-controlled parameter. | |||||
| CVE-2024-58282 | 1 S9y | 1 Serendipity | 2026-06-17 | N/A | 7.2 HIGH |
| Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables arbitrary system command execution on the web server. | |||||
| CVE-2024-58281 | 1 Dotclear | 1 Dotclear | 2026-06-17 | N/A | 8.8 HIGH |
| Dotclear 2.29 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload process by crafting a PHP shell with a command execution form to gain system access through the uploaded file. | |||||
| CVE-2024-58279 | 1 Apprain | 1 Apprain | 2026-06-17 | N/A | 8.8 HIGH |
| appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by uploading a crafted PHP file to the site's uploads directory. | |||||
| CVE-2024-57968 | 1 Advantive | 1 Veracore | 2026-06-17 | N/A | 9.9 CRITICAL |
| Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this. | |||||
| CVE-2024-57761 | 1 Huayi-tec | 1 Jeewms | 2026-06-17 | N/A | 8.1 HIGH |
| An arbitrary file upload vulnerability in the parserXML() method of JeeWMS before v2025.01.01 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-57668 | 1 Fabian | 1 Shopping Portal | 2026-06-17 | N/A | 8.8 HIGH |
| In Code-projects Shopping Portal v1.0, the insert-product.php page has an arbitrary file upload vulnerability. | |||||
