Total
4132 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25182 | 1 Vvveb | 1 Vvvebjs | 2026-06-17 | N/A | 9.8 CRITICAL |
| givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save.php. | |||||
| CVE-2024-25034 | 1 Ibm | 1 Planning Analytics | 2026-06-17 | N/A | 8.0 HIGH |
| IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks. | |||||
| CVE-2024-25020 | 1 Ibm | 1 Cognos Controller | 2026-06-17 | N/A | 5.5 MEDIUM |
| IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the system and can be sent to victims for performing further attacks. | |||||
| CVE-2024-25019 | 1 Ibm | 1 Cognos Controller | 2026-06-17 | N/A | 5.5 MEDIUM |
| IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks. | |||||
| CVE-2024-24714 | 1 Bplugins | 1 Icons Font Loader | 2026-06-17 | N/A | 7.2 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in bPlugins LLC Icons Font Loader.This issue affects Icons Font Loader: from n/a through 1.1.4. | |||||
| CVE-2024-24551 | 1 Bludit | 1 Bludit | 2026-06-17 | N/A | 8.8 HIGH |
| A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files. | |||||
| CVE-2024-24550 | 1 Bludit | 1 Bludit | 2026-06-17 | N/A | 8.1 HIGH |
| A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files. | |||||
| CVE-2024-24399 | 1 Lepton-cms | 1 Leptoncms | 2026-06-17 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area. | |||||
| CVE-2024-24393 | 1 Oaooa | 1 Pichome | 2026-06-17 | N/A | 9.8 CRITICAL |
| File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request. | |||||
| CVE-2024-24350 | 1 Softwarepublico | 1 E-sic Livre | 2026-06-17 | N/A | 8.8 HIGH |
| File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component. | |||||
| CVE-2024-24202 | 1 Easycorp | 3 Zentao, Zentao Biz, Zentao Max | 2026-06-17 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file. | |||||
| CVE-2024-24146 | 1 Libming | 1 Libming | 2026-06-17 | N/A | 6.5 MEDIUM |
| A memory leak issue discovered in parseSWF_DEFINEBUTTON in libming v0.4.8 allows attackers to cause s denial of service via a crafted SWF file. | |||||
| CVE-2024-24026 | 1 Xxyopen | 1 Novel-plus | 2026-06-17 | N/A | 9.8 CRITICAL |
| An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download. | |||||
| CVE-2024-24025 | 1 Xxyopen | 1 Novel-plus | 2026-06-17 | N/A | 9.8 CRITICAL |
| An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download. | |||||
| CVE-2024-24024 | 1 Xxyopen | 1 Novel-plus | 2026-06-17 | N/A | 9.8 CRITICAL |
| An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download. | |||||
| CVE-2024-24000 | 1 Huaxiaerp | 1 Jsherp | 2026-06-17 | N/A | 9.8 CRITICAL |
| jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths. | |||||
| CVE-2024-23946 | 1 Apache | 1 Ofbiz | 2026-06-17 | N/A | 5.3 MEDIUM |
| Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, that fixes the issue. | |||||
| CVE-2024-23811 | 1 Siemens | 1 Sinec Nms | 2026-06-17 | N/A | 8.8 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution. | |||||
| CVE-2024-23762 | 1 Gambio | 1 Gambio | 2026-06-17 | N/A | 7.8 HIGH |
| Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file. | |||||
| CVE-2024-23759 | 1 Gambio | 1 Gambio | 2026-06-17 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function. | |||||
