Total: 2367 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-46360 | 1 Ocproducts | 1 Composr | 2023-03-27 | 6.5 MEDIUM | 8.8 HIGH |
Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr. | |||||
CVE-2023-28337 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2023-03-21 | N/A | 8.8 HIGH |
When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device. | |||||
CVE-2023-27235 | 1 Jizhicms | 1 Jizhicms | 2023-03-17 | N/A | 7.2 HIGH |
An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file. | |||||
CVE-2023-27757 | 1 Perfree | 1 Perfreeblog | 2023-03-17 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file. | |||||
CVE-2023-23328 | 1 Avantfax | 1 Avantfax | 2023-03-16 | N/A | 8.8 HIGH |
A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file. | |||||
CVE-2023-1313 | 1 Agentejo | 1 Cockpit | 2023-03-15 | N/A | 8.8 HIGH |
Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1. | |||||
CVE-2023-22890 | 1 Smartbear | 1 Zephyr Enterprise | 2023-03-14 | N/A | 7.5 HIGH |
SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition. | |||||
CVE-2021-33352 | 1 Wyomind | 1 Help Desk | 2023-03-14 | N/A | 9.8 CRITICAL |
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before, fixed in v.1.3.7, allows an attacker to execute arbitrary code via a phar file upload in the ticket message field. | |||||
CVE-2023-26949 | 1 Onekeyadmin | 1 Onekeyadmin | 2023-03-13 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2023-25402 | 1 Yf-exam Project | 1 Yf-exam | 2023-03-10 | N/A | 7.5 HIGH |
CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload. | |||||
CVE-2023-24045 | 1 Dataiku | 1 Data Science Studio | 2023-03-09 | N/A | 6.5 MEDIUM |
In Dataiku DSS 11.2.1, an attacker can download other Dataiku files that were uploaded to the myfiles section by specifying the target username in a download request. | |||||
CVE-2023-24249 | 1 Laravel-admin | 1 Laravel-admin | 2023-03-07 | N/A | 7.2 HIGH |
An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2021-35290 | 1 Balero Cms Project | 1 Balero Cms | 2023-03-07 | N/A | 7.2 HIGH |
File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page. | |||||
CVE-2021-33224 | 1 Umbraco | 1 Umbraco Forms | 2023-03-06 | N/A | 9.8 CRITICAL |
File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file. | |||||
CVE-2023-26762 | 1 Smeup | 1 Erp | 2023-03-04 | N/A | 8.8 HIGH |
Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability. | |||||
CVE-2023-24317 | 1 Judging Management System Project | 1 Judging Management System | 2023-03-03 | N/A | 8.1 HIGH |
Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php. | |||||
CVE-2022-2883 | 1 Octopus | 1 Octopus Server | 2023-03-03 | N/A | 7.5 HIGH |
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task, which results in Denial of Service. | |||||
CVE-2022-39983 | 1 Instantdeveloper | 1 Rd3 | 2023-03-03 | N/A | 9.8 CRITICAL |
File upload vulnerability in Instantdeveloper RD3 22.0.8500 allows attackers to execute arbitrary code. | |||||
CVE-2022-2111 | 1 Inventree Project | 1 Inventree | 2023-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2. | |||||
CVE-2021-35261 | 1 Bearadmin Project | 1 Bearadmin | 2023-02-28 | N/A | 9.8 CRITICAL |
File Upload Vulnerability in Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075 allows attacker to execute arbitrary remote code via the Upfile function of the extend/tools/Ueditor endpoint. |