Total
2929 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45137 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2024-10-18 | 7.8 High |
| InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which, when executed, could run arbitrary code in the context of the server. Exploitation of this issue requires user interaction. | ||||
| CVE-2024-47423 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2024-10-18 | 7.8 High |
| Adobe Framemaker versions 2020.6, 2022.4 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which can be automatically processed or executed by the system. Exploitation of this issue requires user interaction. | ||||
| CVE-2024-48180 | 1 Classcms | 1 Classcms | 2024-10-18 | 9.8 Critical |
| ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in/class/cms/cms.php, which can include a file uploaded to the/class/template directory to execute PHP code. | ||||
| CVE-2024-49398 | 1 Elvaco | 1 Cme3100 Firmware | 2024-10-18 | N/A |
| The affected product is vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute code. | ||||
| CVE-2024-49291 | 1 Boxystudio | 1 Cooked | 2024-10-18 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Gora Tech LLC Cooked Pro.This issue affects Cooked Pro: from n/a before 1.8.0. | ||||
| CVE-2024-8918 | 1 Filemanagerpro | 2 File Manager, File Manager Pro | 2024-10-17 | 7.4 High |
| The File Manager Pro plugin for WordPress is vulnerable to Limited JavaScript File Upload in all versions up to, and including, 8.3.9. This is due to a lack of proper checks on allowed file types. This makes it possible for unauthenticated attackers, with permissions granted by an administrator, to upload .css and .js files, which could lead to Stored Cross-Site Scripting. | ||||
| CVE-2024-8746 | 1 Filemanagerpro | 2 File Manager, File Manager Pro | 2024-10-17 | 7.5 High |
| The File Manager Pro plugin for WordPress is vulnerable to arbitrary backup file downloads and uploads due to missing file type validation via the 'mk_file_folder_manager_shortcode' ajax action in all versions up to, and including, 8.3.9. This makes it possible for unauthenticated attackers, if granted access to the File Manager by an administrator, to download and upload arbitrary backup files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2024-9981 | 1 Formosasoft | 2 Ee-class, Ee Class | 2024-10-17 | 8.8 High |
| The ee-class from FormosaSoft does not properly validate a specific page parameter, allowing remote attackers with regular privileges to upload a malicious PHP file first and then exploit this vulnerability to include the file, resulting in arbitrary code execution on the server. | ||||
| CVE-2024-9816 | 1 Codezips | 1 Tourist Management System | 2024-10-17 | 4.7 Medium |
| A vulnerability was found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9815 | 1 Codezips | 1 Tourist Management System | 2024-10-17 | 4.7 Medium |
| A vulnerability has been found in Codezips Tourist Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/create-package.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9985 | 1 Ragic | 1 Enterprise Cloud Database | 2024-10-16 | 10 Critical |
| Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server. | ||||
| CVE-2024-48782 | 1 Dycms | 1 Dycms | 2024-10-16 | 9.8 Critical |
| File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end. | ||||
| CVE-2024-48781 | 1 Wanxingtechnology | 1 Yitu Project Management Kirin Edition | 2024-10-16 | 9.8 Critical |
| An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a specially constructed so file/opt/EdrawProj-2/plugins/imageformat. | ||||
| CVE-2021-4443 | 1 Quadlayers | 1 Wordpress Mega Menu-quadmenu | 2024-10-16 | 9.8 Critical |
| The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code. | ||||
| CVE-2024-49242 | 1 Shafiq | 1 Digital Library | 2024-10-16 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Shafiq Digital Lottery allows Upload a Web Shell to a Web Server.This issue affects Digital Lottery: from n/a through 3.0.5. | ||||
| CVE-2024-49216 | 1 Joshua Clayton | 1 Feed Comments Number | 2024-10-16 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Clayton Feed Comments Number allows Upload a Web Shell to a Web Server.This issue affects Feed Comments Number: from n/a through 0.2.1. | ||||
| CVE-2024-48035 | 1 Takayukiimanishi | 1 Acf Images Search And Insert | 2024-10-16 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Takayuki Imanishi ACF Images Search And Insert allows Upload a Web Shell to a Web Server.This issue affects ACF Images Search And Insert: from n/a through 1.1.4. | ||||
| CVE-2024-49260 | 1 Limb | 1 Limb Image Gallery | 2024-10-16 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Limb WordPress Gallery Plugin – Limb Image Gallery allows Code Injection.This issue affects WordPress Gallery Plugin – Limb Image Gallery: from n/a through 1.5.7. | ||||
| CVE-2024-49257 | 1 Denis | 1 Azz Anonim Posting | 2024-10-16 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting allows Upload a Web Shell to a Web Server.This issue affects Azz Anonim Posting: from n/a through 0.9. | ||||
| CVE-2024-48034 | 1 Fliperr Team | 1 Creates 3d Flipbook Pdf Flipbook | 2024-10-16 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Fliperrr Team Creates 3D Flipbook, PDF Flipbook allows Upload a Web Shell to a Web Server.This issue affects Creates 3D Flipbook, PDF Flipbook: from n/a through 1.2. | ||||