Total
4129 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-40394 | 1 Oretnom23 | 1 Simple Library Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| Simple Library Management System Project Using PHP/MySQL v1.0 was discovered to contain an arbitrary file upload vulnerability via the component ajax.php. | |||||
| CVE-2024-40318 | 1 Webkul | 1 Qloapps | 2026-06-17 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-40125 | 1 Closed-loop | 1 Cless Server | 2026-06-17 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint. | |||||
| CVE-2024-40071 | 1 Oretnom23 | 1 Online Id Generator System | 2026-06-17 | N/A | 9.8 CRITICAL |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2024-3962 | 1 Themeisle | 1 Product Addons \& Fields For Woocommerce | 2026-06-17 | N/A | 9.8 CRITICAL |
| The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Successful exploitation requires the PPOM Pro plugin to be installed along with a WooCommerce product that contains a file upload field to retrieve the correct nonce. | |||||
| CVE-2024-3948 | 1 Library System Project | 1 Library System | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Home Clean Service System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file \admin\student.add.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261440. | |||||
| CVE-2024-3912 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device. | |||||
| CVE-2024-3863 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-06-17 | N/A | 9.8 CRITICAL |
| The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. | |||||
| CVE-2024-3804 | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in Vesystem Cloud Desktop up to 20240408. This issue affects some unknown processing of the file /Public/webuploader/0.1.5/server/fileupload2.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-3803 | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical was found in Vesystem Cloud Desktop up to 20240408. This vulnerability affects unknown code of the file /Public/webuploader/0.1.5/server/fileupload.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-3778 | 1 Ai3 | 1 Qbibot | 2026-06-17 | N/A | 7.2 HIGH |
| The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing malicious code. | |||||
| CVE-2024-3736 | 1 Cym1102 | 1 Nginxwebui | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /adminPage/main/upload. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260575. | |||||
| CVE-2024-3705 | 1 Opengnsys | 1 Opengnsys | 2026-06-17 | N/A | 8.8 HIGH |
| Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/M_Icons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell injection. | |||||
| CVE-2024-3521 | 2026-06-17 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability was found in Byzoro Smart S80 Management Platform up to 20240317. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-3508 | 1 Redhat | 1 Trusted Profile Analyzer | 2026-06-17 | N/A | 4.3 MEDIUM |
| A flaw was found in Bombastic, which allows authenticated users to upload compressed (bzip2 or zstd) SBOMs. The API endpoint verifies the presence of some fields and values in the JSON. To perform this verification, the uploaded file must first be decompressed. | |||||
| CVE-2024-3488 | 1 Microfocus | 1 Imanager | 2026-06-17 | N/A | 5.6 MEDIUM |
| File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without authentication. | |||||
| CVE-2024-3483 | 1 Microfocus | 1 Imanager | 2026-06-17 | N/A | 7.8 HIGH |
| Remote Code Execution has been discovered in OpenText™ iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues. | |||||
| CVE-2024-3444 | 2026-06-17 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability was found in Wangshen SecGate 3600 up to 20240408. It has been classified as critical. This affects an unknown part of the file /?g=net_pro_keyword_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259701 was assigned to this vulnerability. | |||||
| CVE-2024-3437 | 1 Fast5 | 1 Prison Management System | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Admin/add-admin.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259631. | |||||
| CVE-2024-3436 | 1 Fast5 | 1 Prison Management System | 2026-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Prison Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /Admin/edit-photo.php of the component Avatar Handler. The manipulation of the argument avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259630 is the identifier assigned to this vulnerability. | |||||
