Skip to main content

File Upload

4032 CVEs technique

Monthly

CVE-2024-12956 MEDIUM POC This Month

A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload Portfolio Management System Mca
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-12954 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in 1000 Projects Portfolio Management System MCA 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload Portfolio Management System Mca
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-12953 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in 1000 Projects Portfolio Management System MCA 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload Portfolio Management System Mca
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-12951 MEDIUM POC This Month

A vulnerability classified as critical has been found in 1000 Projects Portfolio Management System MCA 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload Portfolio Management System Mca
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2024-47151 HIGH This Week

Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Magicos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-10584 MEDIUM PATCH This Month

The DirectoryPress - Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress XSS File Upload Directorypress
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-55342 NuGet MEDIUM POC This Month

A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Piranha Cms
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-40695 HIGH PATCH This Week

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

IBM File Upload Cognos Analytics
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-12700 HIGH This Week

There is an unrestricted file upload vulnerability where it is possible for an authenticated user (low privileged) to upload an jsp shell and execute code with the privileges of user running the web. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-11984 CRITICAL Act Now

A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 4.0
9.4
EPSS
0.7%
CVE-2024-56057 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.9.9.5.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2024-56054 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.9.9.5.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-56052 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.9.9.5.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2024-56050 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.9.9.5.3. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2024-55514 MEDIUM This Month

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP File Upload Msg2300 Firmware Msg2100E Firmware +2
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-55451 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Ujcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-11144 CRITICAL Act Now

The server lacks thread safety and can be crashed by anomalous data sent by an anonymous user from a remote network. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition File Upload
NVD
CVSS 4.0
9.2
EPSS
0.3%
CVE-2024-54285 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro seedprod-coming-soon-pro-5 allows Upload a Web Shell to a Web Server.18.13. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-54370 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member gallery-for-ultimate-member allows Upload a Web Shell to a Web Server.1.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2024-12478 MEDIUM This Month

A vulnerability was found in InvoicePlane up to 1.6.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PHP File Upload Invoiceplane
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-9698 HIGH This Week

The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files' function in all versions up to, and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-54262 CRITICAL Emergency

Arbitrary file upload in the Import Export For WooCommerce WordPress plugin (versions through 1.6.2) by sidngr allows authenticated low-privileged users to upload web shells, leading to full server compromise with a CVSS of 9.9 and changed scope. EPSS places this in the 98th percentile (~48% exploitation probability), indicating significant attacker interest, though no public exploit identified at time of analysis. CISA KEV does not list this CVE.

File Upload WordPress
NVD
CVSS 3.1
9.9
EPSS
48.4%
CVE-2024-9290 CRITICAL Act Now

The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress File Upload
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2024-12042 MEDIUM PATCH This Month

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Google WordPress Apple XSS File Upload +1
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-12300 LOW Monitor

The AR for WordPress plugin for WordPress is vulnerable to unauthorized double extension file upload due to a missing capability check on the set_ar_featured_image() function in all versions up to,. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass WordPress PHP File Upload
NVD
CVSS 3.1
3.7
EPSS
0.4%
CVE-2024-10590 HIGH This Week

The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Nginx File Upload
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-44220 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple File Upload macOS
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2024-53677 Maven CRITICAL PATCH Act Now

File upload logic in Apache Struts is flawed. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Atlassian RCE Apache File Upload Struts
NVD
CVSS 4.0
9.5
EPSS
78.2%
CVE-2024-47946 HIGH This Week

If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2024-50627 HIGH This Week

An issue was discovered in Digi ConnectPort LTS before 1.4.12. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Information Disclosure File Upload Connectport Lts Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-50625 HIGH This Week

An issue was discovered in Digi ConnectPort LTS before 1.4.12. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation File Upload Connectport Lts Firmware
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2024-54918 CRITICAL POC Act Now

Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload E Learning Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-53822 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium pie-register-premium.8.3.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2024-54214 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in roninwp Revy revy allows Upload a Web Shell to a Web Server.18. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2024-53811 MEDIUM This Month

Unrestricted Upload of File with Dangerous Type vulnerability in POSIMYTH WDesignkit wdesignkit allows Upload a Web Shell to a Web Server.0.40. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2024-10578 HIGH This Week

The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice() function in all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-12233 MEDIUM POC This Month

A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as critical.php of the component Profile Picture Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload Online Notice Board
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.8%
CVE-2024-51548 HIGH This Week

Dangerous File Upload vulnerabilities allow upload of malicious scripts. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb File Upload Aspect Ent 12 Firmware Aspect Ent 2 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 4.0
8.7
EPSS
0.6%
CVE-2024-53982 HIGH This Week

ZOO-Project is a C-based WPS (Web Processing Service) implementation. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal File Upload
NVD GitHub
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-40744 CRITICAL Act Now

Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Convert Forms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-46625 HIGH This Week

An authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint of InfoDom Performa 365 v4.0.1 allows attackers to execute arbitrary code via uploading a crafted SVG file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-25020 CRITICAL Act Now

IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM File Upload Cognos Controller
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-40691 CRITICAL Act Now

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM File Upload Cognos Controller
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-25019 CRITICAL Act Now

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM File Upload Cognos Controller
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-11391 HIGH PATCH This Week

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress PHP File Upload Advanced File Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-53617 MEDIUM This Month

A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2024-53564 HIGH This Week

A vulnerability was discovered in FreePBX 17.0.19.17. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Freepbx
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-52476 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Stefan Bohacek Fediverse Embeds fediverse-embeds allows Upload a Web Shell to a Web Server.5.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.4%
CVE-2024-11979 CRITICAL Act Now

DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal File Upload
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-52490 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in pathomation Pathomation pathomation allows Upload a Web Shell to a Web Server.5.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.4%
CVE-2024-11082 CRITICAL Act Now

The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimations_panel() function in all versions up to, and. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload
NVD GitHub
CVSS 3.1
9.9
EPSS
1.2%
CVE-2024-8066 HIGH PATCH This Week

The File Manager Pro - Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress File Upload Filester
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-53619 MEDIUM POC This Month

An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Spip
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-9504 HIGH This Week

The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.2.15 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS File Upload
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-11674 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in CodeAstro Hospital Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload Hospital Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.6%
CVE-2024-11661 MEDIUM POC This Month

A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload Free Exam Hall Seating Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2024-9942 CRITICAL Act Now

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the MJ_gmgt_user_avatar_image_upload() function in all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress File Upload Wordpress Gym Management System
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-9660 HIGH This Week

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_load_documets_new() and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload School Management System
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-9659 CRITICAL Act Now

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_user_avatar_image_upload() function in all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress File Upload School Management System
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2024-51367 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection File Upload RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-51366 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-51364 HIGH POC This Week

An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-8525 CRITICAL Act Now

An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 4.0
10.0
EPSS
1.4%
CVE-2024-52677 CRITICAL Act Now

HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Hkcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-52770 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /admin/file_manage_control of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload Dedebiz
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-52769 HIGH POC This Week

An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Dedebiz
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-51208 HIGH This Week

File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Boat Booking System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.4%
CVE-2024-11404 PyPI MEDIUM PATCH This Month

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Python File Upload XSS
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-48694 CRITICAL POC Act Now

File Upload vulnerability in Xi'an Daxi Information technology OfficeWeb365 v.8.6.1.0 and v7.18.23.0 allows a remote attacker to execute arbitrary code via the pw/savedraw component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE File Upload
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-51053 CRITICAL Act Now

An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP XSS File Upload
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2024-51743 HIGH PATCH This Week

MarkUs is a web application for the submission and grading of student assignments. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Markus
NVD GitHub
CVSS 4.0
7.1
EPSS
0.7%
CVE-2024-51499 HIGH PATCH This Week

MarkUs is a web application for the submission and grading of student assignments. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Markus
NVD GitHub
CVSS 4.0
7.1
EPSS
0.7%
CVE-2024-52429 CRITICAL Emergency

Web shell upload via the AntonHoelstad WP Quick Setup WordPress plugin (versions up to and including 2.0) allows authenticated remote attackers to upload files of dangerous types and achieve code execution on the underlying web server. EPSS rates exploitation probability at 34.73% (97th percentile), and no public exploit identified at time of analysis, though the CWE-434 pattern and low attacker requirements make this a high-priority issue for WordPress operators running the plugin.

File Upload
NVD
CVSS 3.1
9.9
EPSS
34.7%
CVE-2024-52397 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Davor Zeljkovic Convert Docx2post convert-docx2post allows Upload a Web Shell to a Web Server.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-52408 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in pushassist Push Notifications for WordPress by PushAssist push-notification-for-wp-by-pushassist allows Upload a Web Shell to a Web. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2024-52407 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in BasePress BasePress Migration Tools basepress-migration-tools allows Upload a Web Shell to a Web Server.0.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2024-52406 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in wibergsweb CSV to html csv-to-html allows Upload a Web Shell to a Web Server.26. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2024-52405 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in bikramjoshii B-Banner Slider b-banner-slider allows Upload a Web Shell to a Web Server.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2024-52404 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in bigfiveagency CF7 Reply Manager cf7-reply-manager.2.3. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2024-52403 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Saad Iqbal User Management user-management allows Upload a Web Shell to a Web Server.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2024-52400 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Subhasis Laha Gallerio gallerio allows Upload a Web Shell to a Web Server.01. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2024-52399 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Clarisse K. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2024-52398 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI collect-and-deliver-interface-for-woocommerce.5.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2024-8856 CRITICAL POC PATCH THREAT Act Now

The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the the UploadHandler.php file and no direct file access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress PHP File Upload Backup And Staging By Wp Time Capsule
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
93.7%
CVE-2024-9849 HIGH Act Now

The Real3D Flipbook Lite - 3D FlipBook, PDF Viewer, PDF Embedder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

File Upload RCE WordPress
NVD
CVSS 3.1
8.8
EPSS
15.7%
CVE-2024-44758 CRITICAL Act Now

An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to execute arbitrary code via uploading crafted files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE File Upload Nus M9 Erp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-50652 MEDIUM POC This Month

A file upload vulnerability in java_shop 1.0 allows attackers to upload arbitrary files by modifying the avatar function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Java Shop
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-50649 CRITICAL POC Act Now

The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Python Book
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-50648 CRITICAL POC Act Now

yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Yshopmall
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-52370 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support hive-support allows Upload a Web Shell to a Web Server.1.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.7%
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload +1
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in 1000 Projects Portfolio Management System MCA 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload +1
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in 1000 Projects Portfolio Management System MCA 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload +1
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in 1000 Projects Portfolio Management System MCA 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload +1
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Magicos
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The DirectoryPress - Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress XSS File Upload +1
NVD
EPSS 0% CVSS 4.7
MEDIUM POC This Month

A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Piranha Cms
NVD GitHub
EPSS 0% CVSS 8.0
HIGH PATCH This Week

IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

IBM File Upload Cognos Analytics
NVD
EPSS 1% CVSS 8.7
HIGH This Week

There is an unrestricted file upload vulnerability where it is possible for an authenticated user (low privileged) to upload an jsp shell and execute code with the privileges of user running the web. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 9.4
CRITICAL Act Now

A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.9.9.5.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.9.9.5.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.9.9.5.2. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.9.9.5.3. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP File Upload +4
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Ujcms
NVD GitHub
EPSS 0% CVSS 9.2
CRITICAL Act Now

The server lacks thread safety and can be crashed by anomalous data sent by an anonymous user from a remote network. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition File Upload
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro seedprod-coming-soon-pro-5 allows Upload a Web Shell to a Web Server.18.13. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member gallery-for-ultimate-member allows Upload a Web Shell to a Web Server.1.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was found in InvoicePlane up to 1.6.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass PHP File Upload +1
NVD GitHub VulDB
EPSS 2% CVSS 7.2
HIGH This Week

The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files' function in all versions up to, and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload
NVD
EPSS 48% CVSS 9.9
CRITICAL Emergency

Arbitrary file upload in the Import Export For WooCommerce WordPress plugin (versions through 1.6.2) by sidngr allows authenticated low-privileged users to upload web shells, leading to full server compromise with a CVSS of 9.9 and changed scope. EPSS places this in the 98th percentile (~48% exploitation probability), indicating significant attacker interest, though no public exploit identified at time of analysis. CISA KEV does not list this CVE.

File Upload WordPress
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress File Upload
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Google WordPress Apple +3
NVD
EPSS 0% CVSS 3.7
LOW Monitor

The AR for WordPress plugin for WordPress is vulnerable to unauthorized double extension file upload due to a missing capability check on the set_ar_featured_image() function in all versions up to,. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass WordPress PHP +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress Nginx +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple File Upload macOS
NVD
EPSS 78% CVSS 9.5
CRITICAL PATCH Act Now

File upload logic in Apache Struts is flawed. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Atlassian RCE Apache +2
NVD
EPSS 1% CVSS 7.2
HIGH This Week

If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload
NVD
EPSS 0% CVSS 8.8
HIGH This Week

An issue was discovered in Digi ConnectPort LTS before 1.4.12. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Information Disclosure +2
NVD
EPSS 0% CVSS 8.0
HIGH This Week

An issue was discovered in Digi ConnectPort LTS before 1.4.12. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation File Upload Connectport Lts Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium pie-register-premium.8.3.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in roninwp Revy revy allows Upload a Web Shell to a Web Server.18. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Unrestricted Upload of File with Dangerous Type vulnerability in POSIMYTH WDesignkit wdesignkit allows Upload a Web Shell to a Web Server.0.40. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice() function in all. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload
NVD
EPSS 1% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as critical.php of the component Profile Picture Handler. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload +1
NVD GitHub VulDB
EPSS 1% CVSS 8.7
HIGH This Week

Dangerous File Upload vulnerabilities allow upload of malicious scripts. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Abb File Upload Aspect Ent 12 Firmware +18
NVD
EPSS 0% CVSS 8.7
HIGH This Week

ZOO-Project is a C-based WPS (Web Processing Service) implementation. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal File Upload
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Convert Forms
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint of InfoDom Performa 365 v4.0.1 allows attackers to execute arbitrary code via uploading a crafted SVG file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM File Upload Cognos Controller
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM File Upload Cognos Controller
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM File Upload Cognos Controller
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress PHP +2
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

A vulnerability was discovered in FreePBX 17.0.19.17. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Freepbx
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Stefan Bohacek Fediverse Embeds fediverse-embeds allows Upload a Web Shell to a Web Server.5.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal File Upload
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in pathomation Pathomation pathomation allows Upload a Web Shell to a Web Server.5.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimations_panel() function in all versions up to, and. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The File Manager Pro - Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress File Upload +1
NVD
EPSS 1% CVSS 6.3
MEDIUM POC This Month

An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Spip
NVD
EPSS 0% CVSS 7.2
HIGH This Week

The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.2.15 due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS File Upload
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in CodeAstro Hospital Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload +1
NVD GitHub VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP File Upload +1
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the MJ_gmgt_user_avatar_image_upload() function in all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress File Upload +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_load_documets_new() and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE WordPress File Upload +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_user_avatar_image_upload() function in all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress File Upload +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection File Upload RCE
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL Act Now

An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Hkcms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /admin/file_manage_control of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS File Upload +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Dedebiz
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Boat Booking System
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Python File Upload XSS
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

File Upload vulnerability in Xi'an Daxi Information technology OfficeWeb365 v.8.6.1.0 and v7.18.23.0 allows a remote attacker to execute arbitrary code via the pw/savedraw component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE File Upload
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP XSS +1
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

MarkUs is a web application for the submission and grading of student assignments. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Markus
NVD GitHub
EPSS 1% CVSS 7.1
HIGH PATCH This Week

MarkUs is a web application for the submission and grading of student assignments. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Markus
NVD GitHub
EPSS 35% CVSS 9.9
CRITICAL Emergency

Web shell upload via the AntonHoelstad WP Quick Setup WordPress plugin (versions up to and including 2.0) allows authenticated remote attackers to upload files of dangerous types and achieve code execution on the underlying web server. EPSS rates exploitation probability at 34.73% (97th percentile), and no public exploit identified at time of analysis, though the CWE-434 pattern and low attacker requirements make this a high-priority issue for WordPress operators running the plugin.

File Upload
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Davor Zeljkovic Convert Docx2post convert-docx2post allows Upload a Web Shell to a Web Server.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in pushassist Push Notifications for WordPress by PushAssist push-notification-for-wp-by-pushassist allows Upload a Web Shell to a Web. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in BasePress BasePress Migration Tools basepress-migration-tools allows Upload a Web Shell to a Web Server.0.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in wibergsweb CSV to html csv-to-html allows Upload a Web Shell to a Web Server.26. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in bikramjoshii B-Banner Slider b-banner-slider allows Upload a Web Shell to a Web Server.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in bigfiveagency CF7 Reply Manager cf7-reply-manager.2.3. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Saad Iqbal User Management user-management allows Upload a Web Shell to a Web Server.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Subhasis Laha Gallerio gallerio allows Upload a Web Shell to a Web Server.01. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Clarisse K. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI collect-and-deliver-interface-for-woocommerce.5.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress
NVD
EPSS 94% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the the UploadHandler.php file and no direct file access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE WordPress PHP +2
NVD Exploit-DB
EPSS 16% CVSS 8.8
HIGH Act Now

The Real3D Flipbook Lite - 3D FlipBook, PDF Viewer, PDF Embedder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.7% and no vendor patch available.

File Upload RCE WordPress
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary file upload vulnerability in the component /Production/UploadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to execute arbitrary code via uploading crafted files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE File Upload +1
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC This Month

A file upload vulnerability in java_shop 1.0 allows attackers to upload arbitrary files by modifying the avatar function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Java Shop
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Python Book
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Yshopmall
NVD GitHub
EPSS 1% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support hive-support allows Upload a Web Shell to a Web Server.1.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
Prev Page 16 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy