Vulnerabilities (CVE)

Filtered by CWE-434
Total 4121 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-42780 1 Lopalopa 1 Music Management System 2026-06-17 N/A 8.8 HIGH
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2024-42779 1 Lopalopa 1 Music Management System 2026-06-17 N/A 8.8 HIGH
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2024-42778 1 Lopalopa 1 Music Management System 2026-06-17 N/A 8.8 HIGH
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2024-42777 1 Lopalopa 1 Music Management System 2026-06-17 N/A 9.8 CRITICAL
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2024-42767 1 Jayesh 1 Hotel Management System 2026-06-17 N/A 7.2 HIGH
Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php.
CVE-2024-42676 1 Isellerpal 1 Enterprise Resource Management System 2026-06-17 N/A 8.8 HIGH
File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. Aspx? Action=DNPageAjaxPostBack component
CVE-2024-42640 2026-06-17 N/A 9.8 CRITICAL
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of previously uploaded content and enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-42563 1 Jerryhanjj 1 Erp 2026-06-17 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file.
CVE-2024-42523 1 Publiccms 1 Publiccms 2026-06-17 N/A 7.2 HIGH
publiccms V4.0.202302.e and before is vulnerable to Any File Upload via publiccms/admin/cmsTemplate/saveMetaData
CVE-2024-42375 1 Sap 1 Business Objects Business Intelligence Platform 2026-06-17 N/A 4.3 MEDIUM
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application.
CVE-2024-42180 1 Hcltech 1 Dryice Myxalytics 2026-06-17 N/A 1.6 LOW
HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute malicious files.
CVE-2024-42054 1 Cervantessec 1 Cervantes 2026-06-17 N/A 5.4 MEDIUM
Cervantes through 0.5-alpha accepts insecure file uploads.
CVE-2024-41913 1 Hp 1 Poly Clariti Manager 2026-06-17 N/A 8.8 HIGH
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize User input.
CVE-2024-41731 1 Sap 1 Business Objects Business Intelligence Platform 2026-06-17 N/A 3.1 LOW
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application.
CVE-2024-41577 2026-06-17 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.
CVE-2024-41454 2026-06-17 N/A 6.5 MEDIUM
An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or HTML file.
CVE-2024-40744 1 Convert Forms Project 1 Convert Forms 2026-06-17 N/A 9.8 CRITICAL
Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8.
CVE-2024-40695 1 Ibm 1 Cognos Analytics 2026-06-17 N/A 8.0 HIGH
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.
CVE-2024-40693 1 Ibm 1 Planning Analytics 2026-06-17 N/A 8.0 HIGH
IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.
CVE-2024-40691 1 Ibm 1 Cognos Controller 2026-06-17 N/A 8.0 HIGH
IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.