Vulnerabilities (CVE)

Filtered by CWE-434
Total 4132 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-29135 1 Themefic 1 Tourfic 2026-06-17 N/A 9.9 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic tourfic.This issue affects Tourfic: from n/a through <= 2.11.15.
CVE-2024-29100 1 Meowapps 1 Ai Engine 2026-06-17 N/A 9.1 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4.
CVE-2024-28890 1 Incsub 1 Forminator 2026-06-17 N/A 5.3 MEDIUM
Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service (DoS) condition.
CVE-2024-28520 2026-06-17 N/A 6.5 MEDIUM
File Upload vulnerability in Byzoro Networks Smart multi-service security gateway intelligent management platform version S210, allows an attacker to obtain sensitive information via the uploadfile.php component.
CVE-2024-28441 1 Magicflue 1 Magicflue 2026-06-17 N/A 9.8 CRITICAL
File Upload vulnerability in magicflue v.7.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the messageid parameter of the mail/mailupdate.jsp endpoint.
CVE-2024-28425 1 Linkedin 1 Greykite 2026-06-17 N/A 7.5 HIGH
greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the load_obj function at /templates/pickle_utils.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2024-28423 1 Feluelle 1 Airflow-diagrams 2026-06-17 N/A 9.8 CRITICAL
Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file.
CVE-2024-28418 1 Webedition 1 Webedition Cms 2026-06-17 N/A 6.5 MEDIUM
Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php
CVE-2024-28269 2026-06-17 N/A 7.2 HIGH
ReCrystallize Server 5.10.0.0 allows administrators to upload files to the server. The file upload is not restricted, leading to the ability to upload of malicious files. This could result in a Remote Code Execution.
CVE-2024-28166 1 Sap 1 Business Objects Business Intelligence Platform 2026-06-17 N/A 3.7 LOW
SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrity of the application.
CVE-2024-28147 2026-06-17 N/A 7.4 HIGH
An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image (Stored Cross Site Scripting). It is also possible to upload SVG files that include nested XML entities. Those are parsed when a user visits the direct URL of the collection preview image, which may be utilized for a Denial of Service attack. This issue affects edu-sharing: <8.0.8-RC2, <8.1.4-RC0, <9.0.0-RC19.
CVE-2024-27964 1 Gesundheit-bewegt 1 Zippy 2026-06-17 N/A 8.8 HIGH
Unrestricted Upload of File with Dangerous Type vulnerability in Gesundheit Bewegt GmbH Zippy.This issue affects Zippy: from n/a through 1.6.9.
CVE-2024-27957 1 Genetechsolutions 1 Pie Register 2026-06-17 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register.This issue affects Pie Register: from n/a through 3.8.3.1.
CVE-2024-27951 1 Themeisle 1 Multiple Page Generator 2026-06-17 N/A 9.1 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows Upload a Web Shell to a Web Server.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0.
CVE-2024-27945 1 Siemens 1 Ruggedcom Crossbow 2026-06-17 N/A 7.2 HIGH
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import feature of the affected systems allow a privileged user to upload files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution.
CVE-2024-27944 1 Siemens 1 Ruggedcom Crossbow 2026-06-17 N/A 7.2 HIGH
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload firmware files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution.
CVE-2024-27943 1 Siemens 1 Ruggedcom Crossbow 2026-06-17 N/A 7.2 HIGH
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper specific files or even achieve remote code execution.
CVE-2024-27903 1 Openvpn 1 Openvpn 2026-06-17 N/A 9.8 CRITICAL
OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service.
CVE-2024-27747 1 Mayurik 1 Petrol Pump Management 2026-06-17 N/A 9.8 CRITICAL
File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component.
CVE-2024-27733 2026-06-17 N/A 7.7 HIGH
File Upload vulnerability in Byzro Network Smart s42 Management Platform v.S42 allows a local attacker to execute arbitrary code via the useratte/userattestation.php component.