Total
4115 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-57450 | 1 1000mz | 1 Chestnutcms | 2026-06-17 | N/A | 9.8 CRITICAL |
| ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function. | |||||
| CVE-2024-57408 | 1 Beian.miit | 1 Cool-admin-java | 2026-06-17 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the component /comm/upload of cool-admin-java v1.0 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-57407 | 2026-06-17 | N/A | 7.3 HIGH | ||
| An arbitrary file upload vulnerability in the component /userPicture of Timo v2.0.3 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-57169 | 1 Soplanning | 1 Soplanning | 2026-06-17 | N/A | 9.8 CRITICAL |
| A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php. This vulnerability allows remote attackers to bypass upload restrictions and potentially achieve remote code execution by uploading malicious files. | |||||
| CVE-2024-56975 | 1 Invoiceplane | 1 Invoiceplane | 2026-06-17 | N/A | 9.8 CRITICAL |
| InvoicePlane (all versions tested as of December 2024) v.1.6.11 and before contains a remote code execution vulnerability in the upload_file method of the Upload controller. | |||||
| CVE-2024-56897 | 1 Yitechnology | 2 Yi Car Dashcam, Yi Car Dashcam Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to the device settings, such as disabling recording, disabling sounds, factory reset. | |||||
| CVE-2024-56829 | 2026-06-17 | N/A | 10.0 CRITICAL | ||
| Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx. | |||||
| CVE-2024-56828 | 1 1000mz | 1 Chestnutcms | 2026-06-17 | N/A | 9.8 CRITICAL |
| File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then passed to the memberService.uploadAvatarByBase64 method for processing. Within the service, the base64-encoded image is parsed. For example, given a string like: data:image/html;base64,PGh0bWw+PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPjwvaHRtbD4= the content after the comma is extracted and decoded using Base64.getDecoder().decode(). The substring from the 11th character up to the first occurrence of a semicolon (;) is assigned to the suffix variable (representing the file extension). The decoded content is then written to a file. However, the file extension is not validated, and since this functionality is exposed to the frontend, it poses significant security risks. | |||||
| CVE-2024-56508 | 1 Linkace | 1 Linkace | 2026-06-17 | N/A | 7.6 HIGH |
| LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a file upload vulnerability exists in the LinkAce. This issue occurs in the "Import Bookmarks" functionality, where malicious HTML files can be uploaded containing JavaScript payloads. These payloads execute when the uploaded links are accessed, leading to potential reflected or persistent XSS scenarios. This vulnerability is fixed in 1.15.6. | |||||
| CVE-2024-56264 | 2026-06-17 | N/A | 6.6 MEDIUM | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Beee ACF City Selector acf-city-selector allows Upload a Web Shell to a Web Server.This issue affects ACF City Selector: from n/a through <= 1.14.0. | |||||
| CVE-2024-56249 | 2026-06-17 | N/A | 9.1 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Upload a Web Shell to a Web Server.This issue affects WPMasterToolKit: from n/a through <= 1.13.1. | |||||
| CVE-2024-56064 | 2026-06-17 | N/A | 10.0 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through <= 2.3.3. | |||||
| CVE-2024-56057 | 1 Vibethemes | 1 Wordpress Learning Management System | 2026-06-17 | N/A | 9.9 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2. | |||||
| CVE-2024-56054 | 1 Vibethemes | 1 Wordpress Learning Management System | 2026-06-17 | N/A | 9.1 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2. | |||||
| CVE-2024-56052 | 1 Vibethemes | 1 Wordpress Learning Management System | 2026-06-17 | N/A | 9.9 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2. | |||||
| CVE-2024-56050 | 1 Vibethemes | 1 Wordpress Learning Management System | 2026-06-17 | N/A | 9.9 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.3. | |||||
| CVE-2024-56046 | 1 Vibethemes | 1 Wordpress Learning Management System | 2026-06-17 | N/A | 10.0 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through <= 1.9.9. | |||||
| CVE-2024-55926 | 1 Xerox | 1 Workplace Suite | 2026-06-17 | N/A | 7.6 HIGH |
| A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data | |||||
| CVE-2024-55514 | 1 Raisecom | 8 Msg1200, Msg1200 Firmware, Msg2100e and 5 more | 2026-06-17 | N/A | 6.3 MEDIUM |
| A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_sfmig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions. | |||||
| CVE-2024-55417 | 1 Thecontrolgroup | 1 Voyager | 2026-06-17 | N/A | 4.3 MEDIUM |
| DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web shell causing arbitrary code execution on the server. | |||||
