Skip to main content

File Upload

4034 CVEs technique

Monthly

CVE-2024-32954 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.9.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2024-32836 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay.5.11. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD VulDB
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-28890 MEDIUM This Month

Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

File Upload Forminator
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2024-29368 MEDIUM POC This Month

An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mozilocms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2024-29661 CRITICAL Act Now

A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Dedecms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-23534 HIGH This Week

An Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti File Upload Avalanche
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2024-3948 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Home Clean Service System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Library System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-32161 CRITICAL POC Act Now

jizhiCMS 2.5 suffers from a File upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jizhicms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-32514 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker.4. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Wp Poll Maker
NVD
CVSS 3.1
9.9
EPSS
0.7%
CVE-2024-31680 HIGH This Week

File Upload vulnerability in Shibang Communications Co., Ltd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-32256 HIGH POC This Week

Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Tourism Management System
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
0.7%
CVE-2024-32254 HIGH POC This Week

Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via tms/admin/create-package.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Tourism Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-3863 CRITICAL Act Now

The executable file warning was not presented when downloading .xrm-ms files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Mozilla File Upload Firefox Thunderbird
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2024-1961 HIGH This Week

vertaai/modeldb is vulnerable to a path traversal attack due to improper sanitization of user-supplied file paths in its file upload functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Path Traversal RCE Java File Upload
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2024-3804 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in Vesystem Cloud Desktop up to 20240408.1.5/server/fileupload2.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-3803 MEDIUM This Month

A vulnerability classified as critical was found in Vesystem Cloud Desktop up to 20240408. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.5%
CVE-2024-3778 HIGH This Week

The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Qbibot
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2024-3766 LOW Monitor

A vulnerability, which was classified as problematic, has been found in slowlyo OwlAdmin up to 3.5.7. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload
NVD GitHub VulDB
CVSS 3.1
2.4
EPSS
0.4%
CVE-2024-3736 HIGH POC This Week

A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Nginxwebui
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-3705 HIGH This Week

Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Opengnsys
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-51409 CRITICAL POC THREAT Emergency

Unrestricted file upload in Jordy Meow's AI Engine: ChatGPT Chatbot plugin for WordPress (versions up to and including 1.9.98) allows remote attackers to upload arbitrary files of dangerous types, including executable PHP scripts, leading to remote code execution on the underlying web server. With a maximum CVSS score of 10.0, an EPSS score of 92.78% (100th percentile), and publicly available exploit code, this represents an extreme-priority issue for any WordPress site running the plugin.

File Upload Ai Engine
NVD GitHub
CVSS 3.1
10.0
EPSS
92.8%
Threat
6.3
CVE-2024-3344 MEDIUM This Month

The Otter Blocks - Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress File Upload Otter Blocks
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-31214 CRITICAL POC PATCH THREAT Act Now

Traccar is an open source GPS tracking system. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS File Upload Traccar
NVD GitHub
CVSS 3.1
9.6
EPSS
17.6%
CVE-2024-2221 CRITICAL POC PATCH Act Now

qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass RCE Path Traversal File Upload Qdrant
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2024-1728 PyPI HIGH POC PATCH THREAT This Week

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal File Upload Gradio
NVD GitHub
CVSS 3.1
7.5
EPSS
85.4%
CVE-2024-24809 HIGH POC THREAT Act Now

Traccar is an open source GPS tracking system. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal XSS File Upload
NVD GitHub
CVSS 3.1
8.5
EPSS
54.4%
CVE-2024-3521 MEDIUM This Month

A vulnerability was found in Byzoro Smart S80 Management Platform up to 20240317. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
1.2%
CVE-2024-27665 MEDIUM This Month

Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in Syllabus module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-2847 MEDIUM PATCH This Month

The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.24.5 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress File Upload Wordpress File Upload
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-2340 MEDIUM POC THREAT This Month

The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 58.2%.

Information Disclosure WordPress File Upload Avada
NVD
CVSS 3.1
5.3
EPSS
58.2%
Threat
4.3
CVE-2024-2334 MEDIUM This Month

The Template Kit - Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template upload functionality in all versions up to, and including, 1.0.14 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS File Upload
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-2125 HIGH This Week

The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress CSRF Envialosimple
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-31454 npm MEDIUM PATCH This Month

PsiTransfer is an open source, self-hosted file sharing solution. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-31453 npm MEDIUM PATCH This Month

PsiTransfer is an open source, self-hosted file sharing solution. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-3444 MEDIUM This Month

A vulnerability was found in Wangshen SecGate 3600 up to 20240408. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD VulDB GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-3437 MEDIUM POC This Month

A vulnerability was found in SourceCodester Prison Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Prison Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
1.1%
CVE-2024-3436 HIGH POC This Week

A vulnerability was found in SourceCodester Prison Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Prison Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-31345 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Sukhchain Singh Auto Poster.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2024-31292 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds.1.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2024-31286 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.6%
CVE-2024-31280 CRITICAL PATCH Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in andy_moyle Church Admin church-admin.1.5. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload
NVD VulDB
CVSS 3.1
9.9
EPSS
0.4%
CVE-2024-3369 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in code-projects Car Rental 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Car Rental
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-30849 CRITICAL POC Act Now

Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/products_photo.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

LFI RCE PHP File Upload Complete E Commerce Site
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2024-31210 HIGH This Week

WordPress is an open publishing platform for the Web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP File Upload
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-29387 HIGH POC This Week

projeqtor up to 11.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /view/print.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Projeqtor
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-28520 MEDIUM This Month

File Upload vulnerability in Byzoro Networks Smart multi-service security gateway intelligent management platform version S210, allows an attacker to obtain sensitive information via the. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

PHP File Upload
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-3022 HIGH POC PATCH This Week

Authenticated arbitrary file upload in the BookingPress WordPress plugin (versions through 1.0.87) enables remote code execution by administrator-level users who can upload malicious files via the 'bookingpress_process_upload' function. Publicly available exploit code exists and EPSS places this in the 92nd percentile (8.31% probability), indicating elevated likelihood of exploitation attempts despite the high-privilege requirement. The flaw affects the free WordPress edition distributed by Repute InfoSystems.

File Upload RCE WordPress Bookingpress
NVD
CVSS 3.1
7.2
EPSS
8.3%
CVE-2024-27951 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Themeisle Multiple Page Generator Plugin - MPG allows Upload a Web Shell to a Web Server.4.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Multiple Page Generator
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-31012 CRITICAL POC Act Now

An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Semcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-29514 HIGH POC This Week

File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Leptoncms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-3129 MEDIUM POC This Month

A vulnerability was found in SourceCodester Image Accordion Gallery App 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Image Accordion Gallery App
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.7%
CVE-2024-30533 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Techeshta Layouts for Elementor.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-31115 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress.2. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress File Upload
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2024-31114 CRITICAL Emergency

Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.2.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 48.7% and no vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
48.7%
CVE-2024-3117 MEDIUM This Month

A vulnerability classified as critical was found in YouDianCMS up to 9.5.12. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Youdiancms
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.6%
CVE-2024-30510 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system.5. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Salon Booking System
NVD
CVSS 3.1
10.0
EPSS
0.9%
CVE-2024-30500 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in CubeWP CubeWP - All-in-One Dynamic Content Framework.1.12. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cubewp
NVD
CVSS 3.1
9.9
EPSS
0.8%
CVE-2024-28713 CRITICAL POC Act Now

An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Mblog
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-2890 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2024-29100 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.1.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ai Engine
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-29891 Go HIGH PATCH This Week

ZITADEL users can upload their own avatar image and various image types are allowed. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Google Mozilla File Upload Zitadel
NVD GitHub
CVSS 3.1
8.7
EPSS
0.8%
CVE-2023-49815 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.0.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2024-1532 MEDIUM This Month

A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2024-1531 HIGH This Week

A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2024-2930 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Music Gallery Site 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Music Gallery Site
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-48777 CRITICAL POC THREAT Emergency

Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.3.0 through 3.18.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.8%.

File Upload Website Builder Elementor
NVD
CVSS 3.1
9.9
EPSS
90.8%
Threat
6.2
CVE-2023-48275 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews.0.2. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Google File Upload
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2023-47873 CRITICAL POC THREAT Emergency

Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.0.9. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

File Upload Wp Child Theme Generator
NVD
CVSS 3.1
9.1
EPSS
13.0%
CVE-2023-47846 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD.16.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Wp Githuber Md
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-47842 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog.7.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-39307 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.11.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

File Upload Avada
NVD
CVSS 3.1
8.5
EPSS
0.7%
CVE-2023-38388 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.3.5. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 22.9% and no vendor patch available.

File Upload Jupiter X Core
NVD
CVSS 3.1
9.0
EPSS
22.9%
CVE-2023-29386 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2023-6091 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in mndpsingh287 Theme Editor.7.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-27440 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types.4.17. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-23656 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.5%
CVE-2024-30231 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.4.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Product Import Export For Woocommerce
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2024-29515 HIGH POC This Week

File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Leptoncms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2024-28105 PHP HIGH POC PATCH This Week

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP PostgreSQL File Upload Phpmyfaq
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2024-28435 MEDIUM POC This Month

The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF File Upload Twenty
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-28434 HIGH POC This Week

The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Twenty
NVD GitHub
CVSS 3.1
7.6
EPSS
0.7%
CVE-2024-2863 CRITICAL POC THREAT Act Now

This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Lg Led Assistant
NVD
CVSS 3.1
9.8
EPSS
64.0%
CVE-2024-2849 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Simple File Manager 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Simple File Manager Web App
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2024-29272 npm MEDIUM POC PATCH This Month

Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP File Upload Vvvebjs
NVD GitHub
CVSS 3.1
6.5
EPSS
9.4%
CVE-2024-28441 CRITICAL POC Act Now

File Upload vulnerability in magicflue v.7.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the messageid parameter of the mail/mailupdate.jsp endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Magicflue
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2024-27921 PHP HIGH POC PATCH THREAT This Week

Grav is an open-source, flat-file content management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal Information Disclosure File Upload Grav
NVD GitHub
CVSS 3.1
8.8
EPSS
60.6%
CVE-2024-1727 PyPI MEDIUM POC PATCH This Month

A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Denial Of Service File Upload Gradio
NVD GitHub
CVSS 3.0
4.3
EPSS
0.4%
CVE-2024-27964 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Gesundheit Bewegt GmbH Zippy.6.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Zippy
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-2754 HIGH POC This Week

A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Complete E Commerce Site
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-29859 CRITICAL PATCH Act Now

In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.9.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay.5.11. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

File Upload Forminator
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An arbitrary file upload vulnerability in the file handling module of moziloCMS v2.0 allows attackers to bypass extension restrictions via file renaming, potentially leading to unauthorized file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mozilocms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Dedecms
NVD GitHub
EPSS 3% CVSS 8.8
HIGH This Week

An Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti File Upload Avalanche
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in SourceCodester Home Clean Service System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Library System
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

jizhiCMS 2.5 suffers from a File upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Jizhicms
NVD GitHub VulDB
EPSS 1% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker.4. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Wp Poll Maker
NVD
EPSS 1% CVSS 8.8
HIGH This Week

File Upload vulnerability in Shibang Communications Co., Ltd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC This Week

Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Tourism Management System
NVD GitHub Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC This Week

Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via tms/admin/create-package.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Tourism Management System
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The executable file warning was not presented when downloading .xrm-ms files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Mozilla File Upload +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

vertaai/modeldb is vulnerable to a path traversal attack due to improper sanitization of user-supplied file paths in its file upload functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Path Traversal RCE +2
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability, which was classified as critical, has been found in Vesystem Cloud Desktop up to 20240408.1.5/server/fileupload2.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability classified as critical was found in Vesystem Cloud Desktop up to 20240408. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH This Week

The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Qbibot
NVD
EPSS 0% CVSS 2.4
LOW Monitor

A vulnerability, which was classified as problematic, has been found in slowlyo OwlAdmin up to 3.5.7. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload
NVD GitHub VulDB
EPSS 1% CVSS 7.5
HIGH POC This Week

A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Nginxwebui
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Opengnsys
NVD
EPSS 93% 6.3 CVSS 10.0
CRITICAL POC THREAT Emergency

Unrestricted file upload in Jordy Meow's AI Engine: ChatGPT Chatbot plugin for WordPress (versions up to and including 1.9.98) allows remote attackers to upload arbitrary files of dangerous types, including executable PHP scripts, leading to remote code execution on the underlying web server. With a maximum CVSS score of 10.0, an EPSS score of 92.78% (100th percentile), and publicly available exploit code, this represents an extreme-priority issue for any WordPress site running the plugin.

File Upload Ai Engine
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

The Otter Blocks - Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress File Upload +1
NVD
EPSS 18% CVSS 9.6
CRITICAL POC PATCH THREAT Act Now

Traccar is an open source GPS tracking system. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS File Upload +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass RCE Path Traversal +2
NVD GitHub
EPSS 85% CVSS 7.5
HIGH POC PATCH THREAT This Week

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal File Upload +1
NVD GitHub
EPSS 54% CVSS 8.5
HIGH POC THREAT Act Now

Traccar is an open source GPS tracking system. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal XSS File Upload
NVD GitHub
EPSS 1% CVSS 4.7
MEDIUM This Month

A vulnerability was found in Byzoro Smart S80 Management Platform up to 20240317. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in Syllabus module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The WordPress File Upload plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.24.5 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress File Upload +1
NVD
EPSS 58% 4.3 CVSS 5.3
MEDIUM POC THREAT This Month

The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 58.2%.

Information Disclosure WordPress File Upload +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The Template Kit - Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template upload functionality in all versions up to, and including, 1.0.14 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS File Upload
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress CSRF +1
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

PsiTransfer is an open source, self-hosted file sharing solution. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

PsiTransfer is an open source, self-hosted file sharing solution. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM This Month

A vulnerability was found in Wangshen SecGate 3600 up to 20240408. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD VulDB GitHub
EPSS 1% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in SourceCodester Prison Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Prison Management System
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

A vulnerability was found in SourceCodester Prison Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Prison Management System
NVD GitHub VulDB
EPSS 1% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Sukhchain Singh Auto Poster.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds.1.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in andy_moyle Church Admin church-admin.1.5. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability, which was classified as critical, has been found in code-projects Car Rental 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Car Rental
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Arbitrary file upload vulnerability in Sourcecodester Complete E-Commerce Site v1.0, allows remote attackers to execute arbitrary code via filename parameter in admin/products_photo.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

LFI RCE PHP +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

WordPress is an open publishing platform for the Web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP File Upload
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

projeqtor up to 11.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /view/print.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

File Upload vulnerability in Byzoro Networks Smart multi-service security gateway intelligent management platform version S210, allows an attacker to obtain sensitive information via the. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

PHP File Upload
NVD GitHub
EPSS 8% CVSS 7.2
HIGH POC PATCH This Week

Authenticated arbitrary file upload in the BookingPress WordPress plugin (versions through 1.0.87) enables remote code execution by administrator-level users who can upload malicious files via the 'bookingpress_process_upload' function. Publicly available exploit code exists and EPSS places this in the 92nd percentile (8.31% probability), indicating elevated likelihood of exploitation attempts despite the high-privilege requirement. The flaw affects the free WordPress edition distributed by Repute InfoSystems.

File Upload RCE WordPress +1
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Themeisle Multiple Page Generator Plugin - MPG allows Upload a Web Shell to a Web Server.4.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Multiple Page Generator
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM POC This Month

A vulnerability was found in SourceCodester Image Accordion Gallery App 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Image Accordion Gallery App
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Techeshta Layouts for Elementor.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in QuanticaLabs Chauffeur Taxi Booking System for WordPress.2. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress File Upload
NVD
EPSS 49% CVSS 9.1
CRITICAL Emergency

Unrestricted Upload of File with Dangerous Type vulnerability in biplob018 Shortcode Addons.2.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 48.7% and no vendor patch available.

File Upload
NVD
EPSS 1% CVSS 4.7
MEDIUM This Month

A vulnerability classified as critical was found in YouDianCMS up to 9.5.12. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Youdiancms
NVD GitHub VulDB
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Salon Booking System Salon booking system.5. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Salon Booking System
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in CubeWP CubeWP - All-in-One Dynamic Content Framework.1.12. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cubewp
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Mblog
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Tumult Inc. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.1.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ai Engine
NVD
EPSS 1% CVSS 8.7
HIGH PATCH This Week

ZITADEL users can upload their own avatar image and various image types are allowed. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Google Mozilla +2
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in WappPress Team WappPress.0.3. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 8.2
HIGH This Week

A vulnerability exists in the stb-language file handling that affects the RTU500 series product versions listed below. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in SourceCodester Music Gallery Site 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Music Gallery Site
NVD GitHub VulDB
EPSS 91% 6.2 CVSS 9.9
CRITICAL POC THREAT Emergency

Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.3.0 through 3.18.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.8%.

File Upload Website Builder Elementor
NVD
EPSS 0% CVSS 8.0
HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews.0.2. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. No vendor patch available.

Google File Upload
NVD
EPSS 13% CVSS 9.1
CRITICAL POC THREAT Emergency

Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.0.9. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

File Upload Wp Child Theme Generator
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD.16.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Wp Githuber Md
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Zachary Segal CataBlog.7.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 8.5
HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in ThemeFusion Avada.11.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

File Upload Avada
NVD
EPSS 23% CVSS 9.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.3.5. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 22.9% and no vendor patch available.

File Upload Jupiter X Core
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in mndpsingh287 Theme Editor.7.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types.4.17. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.4.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress File Upload Product Import Export For Woocommerce
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP PostgreSQL +2
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF File Upload Twenty
NVD GitHub
EPSS 1% CVSS 7.6
HIGH POC This Week

The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Twenty
NVD GitHub
EPSS 64% CVSS 9.8
CRITICAL POC THREAT Act Now

This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Lg Led Assistant
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Simple File Manager 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Simple File Manager Web App
NVD GitHub VulDB
EPSS 9% CVSS 6.5
MEDIUM POC PATCH This Month

Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

File Upload vulnerability in magicflue v.7.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the messageid parameter of the mail/mailupdate.jsp endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Magicflue
NVD GitHub
EPSS 61% CVSS 8.8
HIGH POC PATCH THREAT This Week

Grav is an open-source, flat-file content management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Denial Of Service File Upload +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Gesundheit Bewegt GmbH Zippy.6.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Zippy
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Complete E Commerce Site
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Misp
NVD GitHub VulDB
Prev Page 22 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy