Total
4121 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-42780 | 1 Lopalopa | 1 Music Management System | 2026-06-17 | N/A | 8.8 HIGH |
| An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2024-42779 | 1 Lopalopa | 1 Music Management System | 2026-06-17 | N/A | 8.8 HIGH |
| An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2024-42778 | 1 Lopalopa | 1 Music Management System | 2026-06-17 | N/A | 8.8 HIGH |
| An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2024-42777 | 1 Lopalopa | 1 Music Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2024-42767 | 1 Jayesh | 1 Hotel Management System | 2026-06-17 | N/A | 7.2 HIGH |
| Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php. | |||||
| CVE-2024-42676 | 1 Isellerpal | 1 Enterprise Resource Management System | 2026-06-17 | N/A | 8.8 HIGH |
| File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. Aspx? Action=DNPageAjaxPostBack component | |||||
| CVE-2024-42640 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of previously uploaded content and enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2024-42563 | 1 Jerryhanjj | 1 Erp | 2026-06-17 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file. | |||||
| CVE-2024-42523 | 1 Publiccms | 1 Publiccms | 2026-06-17 | N/A | 7.2 HIGH |
| publiccms V4.0.202302.e and before is vulnerable to Any File Upload via publiccms/admin/cmsTemplate/saveMetaData | |||||
| CVE-2024-42375 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2026-06-17 | N/A | 4.3 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. | |||||
| CVE-2024-42180 | 1 Hcltech | 1 Dryice Myxalytics | 2026-06-17 | N/A | 1.6 LOW |
| HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute malicious files. | |||||
| CVE-2024-42054 | 1 Cervantessec | 1 Cervantes | 2026-06-17 | N/A | 5.4 MEDIUM |
| Cervantes through 0.5-alpha accepts insecure file uploads. | |||||
| CVE-2024-41913 | 1 Hp | 1 Poly Clariti Manager | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize User input. | |||||
| CVE-2024-41731 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2026-06-17 | N/A | 3.1 LOW |
| SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application. | |||||
| CVE-2024-41577 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| An arbitrary file upload vulnerability in the Ueditor component of productinfoquick v1.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. | |||||
| CVE-2024-41454 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or HTML file. | |||||
| CVE-2024-40744 | 1 Convert Forms Project | 1 Convert Forms | 2026-06-17 | N/A | 9.8 CRITICAL |
| Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8. | |||||
| CVE-2024-40695 | 1 Ibm | 1 Cognos Analytics | 2026-06-17 | N/A | 8.0 HIGH |
| IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks. | |||||
| CVE-2024-40693 | 1 Ibm | 1 Planning Analytics | 2026-06-17 | N/A | 8.0 HIGH |
| IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks. | |||||
| CVE-2024-40691 | 1 Ibm | 1 Cognos Controller | 2026-06-17 | N/A | 8.0 HIGH |
| IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks. | |||||
