A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload firmware files to the root installation directory of the system. By replacing specific files, an attacker could tamper with specific files or even achieve remote cod...
7.2CVSS
7.4AI Score
0.0004EPSS
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload firmware files to the root installation directory of the system. By replacing specific files, an attacker could tamper with specific files or even achieve remote cod...
7.2CVSS
7.6AI Score
0.0004EPSS
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper with specific files or even achieve remote code...
7.2CVSS
7.5AI Score
0.0004EPSS
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload generic files to the root installation directory of the system. By replacing specific files, an attacker could tamper with specific files or even achieve remote code...
7.2CVSS
7.3AI Score
0.0004EPSS
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arbitrary files by any unauthenticated user. An attacker could leverage this vulnerability and achieve arbitrary code execution with system...
9.8CVSS
7.7AI Score
0.0004EPSS
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arbitrary files by any unauthenticated user. An attacker could leverage this vulnerability and achieve arbitrary code execution with system...
9.8CVSS
9.7AI Score
0.0004EPSS
CVE-2024-33006 File upload vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise...
9.6CVSS
7AI Score
0.0004EPSS
CVE-2024-33006 File upload vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise...
9.6CVSS
9.5AI Score
0.0004EPSS
CVE-2024-32731 Missing Authorization check in SAP My Travel Requests
SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker can upload a malicious attachment to a business trip request which will lead to a low impact on the confidentiality,...
5.5CVSS
6AI Score
0.0004EPSS
Image Optimization by Optimole < 3.13.0 - Author+ Stored Cross-Site Scripting via SVG Upload
Description: The Image Optimization by Optimole – Lazy Load, CDN, Convert WebP & AVIF plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘allow_meme_types’ function in versions up to, and including, 3.12.10 due to insufficient input sanitization and output escaping. This...
6.4CVSS
5.9AI Score
0.001EPSS
Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Iframe Injection
Description: The plugin lacks validation of URLs when adding iframes, allowing attackers to inject an iframe in the page and thus load arbitrary content from any page. PoC: 1) Create a new post 2) Add an e-Learning block and upload a zip file 3) Select the "Insert As: Iframe" option 4) Intercept...
5.4CVSS
6.6AI Score
0.0004EPSS
Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE
Description: The plugin is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files. PoC. Note: This must be tested on a web server running Apache. 1) Create a new post 2) Add e-Learning block to the post and...
6.5AI Score
0.0004EPSS
Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE
Description: The plugin is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip...
6.8AI Score
0.0004EPSS
Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Iframe Injection
Description: The plugin lacks validation of URLs when adding iframes, allowing attackers to inject an iframe in the page and thus load arbitrary content from any...
5.4CVSS
6.8AI Score
0.0004EPSS
The Events Calendar < 6.4.0.1 - Reflected XSS
Description: The plugin does not properly sanitize user-submitted content when rendering some views via...
6.8AI Score
0.0004EPSS
NocoDB Allows Preview of Files with Dangerous Content
Summary: An attacker can upload an HTML file with malicious content. If a user tries to open that file in the browser, malicious scripts can be executed, leading to a Stored XSS (Cross-Site Scripting) attack. PoC: NocoDB was configured using the Release Binary Noco-macos-arm64, and nocodb version 0.202.9 (currently...
5.7CVSS
7.1AI Score
0.0004EPSS
CVE-2023-50717 NocoDB Allows Preview of File with Dangerous Content
NocoDB is software for building databases as spreadsheets. Starting in version 0.202.6 and prior to version 0.202.10, an attacker can upload an HTML file with malicious content. If a user tries to open that file in the browser, malicious scripts can be executed, leading to a stored cross-site scripting attack....
5.7CVSS
6.1AI Score
0.0004EPSS
CVE-2023-50717 NocoDB Allows Preview of File with Dangerous Content
NocoDB is software for building databases as spreadsheets. Starting in version 0.202.6 and prior to version 0.202.10, an attacker can upload an HTML file with malicious content. If a user tries to open that file in the browser, malicious scripts can be executed, leading to a stored cross-site scripting attack....
5.7CVSS
5.6AI Score
0.0004EPSS
We are pleased to announce that Microsoft has been recognized as a Leader in the Gartner® Magic Quadrant™ for Security Information and Event Management (SIEM). We believe our position in the Leaders quadrant validates our vision and continued investments in Microsoft Sentinel making it a...
7AI Score
CVE-2024-4820 SourceCodester Online Computer and Laptop Store unrestricted upload
A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/SystemSettings.php?f=update_settings. The manipulation leads to unrestricted upload. The attack can be....
6.3CVSS
6.9AI Score
0.0004EPSS
CVE-2024-4820 SourceCodester Online Computer and Laptop Store unrestricted upload
A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/SystemSettings.php?f=update_settings. The manipulation leads to unrestricted upload. The attack can be....
6.3CVSS
6.7AI Score
0.0004EPSS
A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists of an arbitrary file upload in the ‘/media/api’ parameter via a POST request. An attacker could upload files to the server, compromising the entire...
9.8CVSS
9.7AI Score
0.0004EPSS
A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists of an arbitrary file upload in the ‘/media/api’ parameter via a POST request. An attacker could upload files to the server, compromising the entire...
9.8CVSS
6.9AI Score
0.0004EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.k.a. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a through...
10CVSS
9.7AI Score
0.0004EPSS
CVE-2024-34411 WordPress canvasio3D Light plugin <= 2.5.0 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Thomas Scholl canvasio3D Light. This issue affects canvasio3D Light: from n/a through...
9.9CVSS
6.9AI Score
0.0004EPSS
CVE-2024-34411 WordPress canvasio3D Light plugin <= 2.5.0 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Thomas Scholl canvasio3D Light. This issue affects canvasio3D Light: from n/a through...
9.9CVSS
9.7AI Score
0.0004EPSS
CVE-2024-34416 WordPress Pk Favicon Manager plugin <= 2.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Pk Favicon Manager. This issue affects Pk Favicon Manager: from n/a through...
9.1CVSS
9.5AI Score
0.0004EPSS
CVE-2024-34416 WordPress Pk Favicon Manager plugin <= 2.1 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Pk Favicon Manager. This issue affects Pk Favicon Manager: from n/a through...
9.1CVSS
6.9AI Score
0.0004EPSS
CVE-2024-34440 WordPress AI Engine plugin <= 2.2.63 - Auth. Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through...
9.1CVSS
6.9AI Score
0.0004EPSS
CVE-2024-34440 WordPress AI Engine plugin <= 2.2.63 - Auth. Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot. This issue affects AI Engine: ChatGPT Chatbot: from n/a through...
9.1CVSS
9.5AI Score
0.0004EPSS
CVE-2024-34555 WordPress Z-Downloads plugin <= 1.11.3 - Auth. Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in URBAN BASE Z-Downloads. This issue affects Z-Downloads: from n/a through...
9.1CVSS
9.5AI Score
0.0004EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress. This issue affects Kognetiks Chatbot for WordPress: from n/a through...
10CVSS
7.2AI Score
0.0004EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress. This issue affects Kognetiks Chatbot for WordPress: from n/a through...
10CVSS
9.8AI Score
0.0004EPSS
CVE-2024-4809 SourceCodester Open Source Clinic Management System setting.php unrestricted upload
A vulnerability has been found in SourceCodester Open Source Clinic Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file setting.php. The manipulation of the argument logo leads to unrestricted upload. The attack can be launched...
6.3CVSS
6.7AI Score
0.0004EPSS
CVE-2024-4809 SourceCodester Open Source Clinic Management System setting.php unrestricted upload
A vulnerability has been found in SourceCodester Open Source Clinic Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file setting.php. The manipulation of the argument logo leads to unrestricted upload. The attack can be launched...
6.3CVSS
6.9AI Score
0.0004EPSS
Amazon Linux 2023 : git, git-all, git-core (ALAS2023-2024-609)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-609 advisory. An issue was discovered in git where a client can convince upload-pack running on a server to allocate arbitrary amounts of memory, resulting in a possible denial of service. (ALAS2023-2024-609) ...
7.3AI Score
CVE-2024-2299 Stored Cross-Site Scripting (XSS) via Profile Picture Upload in parisneo/lollms-webui
A stored Cross-Site Scripting (XSS) vulnerability exists in the parisneo/lollms-webui application due to improper validation of uploaded files in the profile picture upload functionality. Attackers can exploit this vulnerability by uploading malicious HTML files containing JavaScript code, which...
7.4CVSS
7AI Score
0.0004EPSS
CVE-2024-2299 Stored Cross-Site Scripting (XSS) via Profile Picture Upload in parisneo/lollms-webui
A stored Cross-Site Scripting (XSS) vulnerability exists in the parisneo/lollms-webui application due to improper validation of uploaded files in the profile picture upload functionality. Attackers can exploit this vulnerability by uploading malicious HTML files containing JavaScript code, which...
7.4CVSS
5.5AI Score
0.0004EPSS
CVE-2023-47711 IBM Security Guardium denial of service
IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow an authenticated user to upload files that would cause a denial of service. IBM X-Force ID: ...
2.7CVSS
3.8AI Score
0.0004EPSS
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 2.0.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and...
6.4CVSS
5.8AI Score
0.001EPSS
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 2.0.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and...
6.4CVSS
6AI Score
0.001EPSS
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the chatbot_chatgpt_upload_file_to_assistant function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers, with to...
9.8CVSS
10AI Score
0.001EPSS