Vulnerabilities (CVE)

Filtered by CWE-434
Total 4121 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-49331 1 Myriadsolutionz 1 Property Lot Management System 2026-06-17 N/A 9.9 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System plms allows Upload a Web Shell to a Web Server.This issue affects Property Lot Management System: from n/a through <= 4.2.38.
CVE-2024-49330 1 Brx8r 1 Nice Backgrounds 2026-06-17 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in brx8r Nice Backgrounds nicebackgrounds allows Upload a Web Shell to a Web Server.This issue affects Nice Backgrounds: from n/a through <= 1.0.
CVE-2024-49329 1 Vivektamrakar 1 Wp Rest Api Fns 2026-06-17 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in vivek2tamrakar WP REST API FNS rest-api-fns allows Upload a Web Shell to a Web Server.This issue affects WP REST API FNS: from n/a through <= 1.0.0.
CVE-2024-49327 1 Asepbagjapriandana 1 Woostagram Connect 2026-06-17 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in bepitulaz Woostagram Connect woostagram-connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through <= 1.0.2.
CVE-2024-49326 1 Vasiliskerasiotis 1 Affiliator 2026-06-17 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Vasileios Kerasiotis Affiliator affiliator-lite allows Upload a Web Shell to a Web Server.This issue affects Affiliator: from n/a through <= 2.1.3.
CVE-2024-49324 1 Sovratec 1 Sovratec Case Management 2026-06-17 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in sovratecdev Sovratec Case Management sovratec-case-management allows Upload a Web Shell to a Web Server.This issue affects Sovratec Case Management: from n/a through <= 1.0.0.
CVE-2024-49314 2026-06-17 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in jiangqie JiangQie Free Mini Program jiangqie-free-mini-program allows Upload a Web Shell to a Web Server.This issue affects JiangQie Free Mini Program: from n/a through <= 2.5.2.
CVE-2024-49291 2026-06-17 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0.
CVE-2024-49260 2026-06-17 N/A 9.9 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Limbcode WordPress Gallery Plugin – Limb Image Gallery limb-gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through <= 1.5.7.
CVE-2024-49257 2026-06-17 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting azz-anonim-posting allows Upload a Web Shell to a Web Server.This issue affects Azz Anonim Posting: from n/a through <= 0.9.
CVE-2024-49242 2026-06-17 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery digital-lottery allows Upload a Web Shell to a Web Server.This issue affects Digital Lottery: from n/a through <= 3.0.5.
CVE-2024-49216 2026-06-17 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in jclay06 Feed Comments Number feed-comments-number allows Upload a Web Shell to a Web Server.This issue affects Feed Comments Number: from n/a through <= 0.2.1.
CVE-2024-48782 2026-06-17 N/A 9.8 CRITICAL
File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end.
CVE-2024-48781 2026-06-17 N/A 9.8 CRITICAL
An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a specially constructed so file/opt/EdrawProj-2/plugins/imageformat.
CVE-2024-48760 1 Gestioip 1 Gestioip 2026-06-17 N/A 9.8 CRITICAL
An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution.
CVE-2024-48646 1 Sage 1 Sage Frp 1000 2026-06-17 N/A 8.1 HIGH
An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0, which allows authorized users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files, such as HTML, scripts, or other executable content, that may be executed on the server, leading to further system compromise.
CVE-2024-48594 1 Fast5 1 Prison Management System 2026-06-17 N/A 8.8 HIGH
File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the file upload component.
CVE-2024-48454 1 Oretnom23 1 Purchase Order Management System 2026-06-17 N/A 7.2 HIGH
An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin?page=user component
CVE-2024-48202 1 Thecosy 1 Icecms 2026-06-17 N/A 9.8 CRITICAL
icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploadFile.
CVE-2024-48180 1 Classcms 1 Classcms 2026-06-17 N/A 9.8 CRITICAL
ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in/class/cms/cms.php, which can include a file uploaded to the/class/template directory to execute PHP code.