Lucene search

K

Enable SVG, WebP & ICO Upload Security Vulnerabilities

nvd
nvd

CVE-2024-3912

Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the...

9.8CVSS

0.001EPSS

2024-06-14 10:15 AM
4
vulnrichment
vulnrichment

CVE-2024-3912 ASUS Router - Upload arbitrary firmware

Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the...

9.8CVSS

8.1AI Score

0.001EPSS

2024-06-14 09:29 AM
28
cvelist
cvelist

CVE-2024-3912 ASUS Router - Upload arbitrary firmware

Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the...

9.8CVSS

0.001EPSS

2024-06-14 09:29 AM
8
veracode
veracode

Deserialization Of Untrusted Data

MLflow is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe handling user-supplied data in the sklearn/init.py within the loadmodelfromlocalfile function, which allows an attacker to inject a malicious pickle object into a model file on upload which will then be...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-06-14 09:11 AM
cve
cve

CVE-2024-4270

The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS...

5.5AI Score

0.0004EPSS

2024-06-14 06:15 AM
23
cve
cve

CVE-2024-4271

The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS...

5.5AI Score

0.0004EPSS

2024-06-14 06:15 AM
23
nvd
nvd

CVE-2024-4270

The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS...

0.0004EPSS

2024-06-14 06:15 AM
7
nvd
nvd

CVE-2024-4271

The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS...

0.0004EPSS

2024-06-14 06:15 AM
6
vulnrichment
vulnrichment

CVE-2024-4271 SVGator <= 1.2.6 - Stored XSS via SVG Upload

The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS...

5.9AI Score

0.0004EPSS

2024-06-14 06:00 AM
2
cvelist
cvelist

CVE-2024-4270 SVGMagic <= 1.1 - Stored XSS via SVG Upload

The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS...

0.0004EPSS

2024-06-14 06:00 AM
4
cvelist
cvelist

CVE-2024-4271 SVGator <= 1.2.6 - Stored XSS via SVG Upload

The SVGator WordPress plugin through 1.2.6 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS...

0.0004EPSS

2024-06-14 06:00 AM
4
vulnrichment
vulnrichment

CVE-2024-4270 SVGMagic <= 1.1 - Stored XSS via SVG Upload

The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS...

5.8AI Score

0.0004EPSS

2024-06-14 06:00 AM
2
cve
cve

CVE-2024-3496

Attackers can bypass the web login authentication process to gain access to the printer's system information and upload malicious drivers to the printer. As for the affected products/models/versions, see the reference...

8.8CVSS

9.1AI Score

0.0004EPSS

2024-06-14 05:15 AM
26
nvd
nvd

CVE-2024-3496

Attackers can bypass the web login authentication process to gain access to the printer's system information and upload malicious drivers to the printer. As for the affected products/models/versions, see the reference...

8.8CVSS

0.0004EPSS

2024-06-14 05:15 AM
2
nvd
nvd

CVE-2024-31161

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system.....

7.2CVSS

0.001EPSS

2024-06-14 04:15 AM
3
cve
cve

CVE-2024-31161

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system.....

7.2CVSS

7.3AI Score

0.001EPSS

2024-06-14 04:15 AM
22
cve
cve

CVE-2024-27171

A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference...

7.4CVSS

7.7AI Score

0.0004EPSS

2024-06-14 04:15 AM
22
nvd
nvd

CVE-2024-27171

A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference...

7.4CVSS

0.0004EPSS

2024-06-14 04:15 AM
2
cvelist
cvelist

CVE-2024-3496 Authentication Bypass Vulnerability

Attackers can bypass the web login authentication process to gain access to the printer's system information and upload malicious drivers to the printer. As for the affected products/models/versions, see the reference...

8.8CVSS

0.0004EPSS

2024-06-14 04:13 AM
cvelist
cvelist

CVE-2024-27174 insecure upload

Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this...

9.8CVSS

0.0004EPSS

2024-06-14 04:03 AM
2
vulnrichment
vulnrichment

CVE-2024-27174 insecure upload

Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this...

9.8CVSS

7.7AI Score

0.0004EPSS

2024-06-14 04:03 AM
2
cvelist
cvelist

CVE-2024-27173 insecure upload

Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is...

9.8CVSS

0.0004EPSS

2024-06-14 04:01 AM
1
vulnrichment
vulnrichment

CVE-2024-27173 insecure upload

Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is...

9.8CVSS

8AI Score

0.0004EPSS

2024-06-14 04:01 AM
cvelist
cvelist

CVE-2024-27171 Insecure permissions

A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference...

7.4CVSS

0.0004EPSS

2024-06-14 03:59 AM
1
vulnrichment
vulnrichment

CVE-2024-27171 Insecure permissions

A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference...

7.4CVSS

7.5AI Score

0.0004EPSS

2024-06-14 03:59 AM
2
cvelist
cvelist

CVE-2024-31161 ASUS Download Master - Arbitrary File Upload

The upload functionality of ASUS Download Master does not properly filter user input. Remote attackers with administrative privilege can exploit this vulnerability to upload any file to any location. They may even upload malicious web page files to the website directory, allowing arbitrary system.....

7.2CVSS

0.001EPSS

2024-06-14 03:53 AM
cve
cve

CVE-2024-27145

The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute...

9.8CVSS

9.8AI Score

0.0004EPSS

2024-06-14 03:15 AM
21
nvd
nvd

CVE-2024-27145

The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute...

9.8CVSS

0.0004EPSS

2024-06-14 03:15 AM
3
cve
cve

CVE-2024-27144

The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer....

9.8CVSS

9.6AI Score

0.0004EPSS

2024-06-14 03:15 AM
23
nvd
nvd

CVE-2024-27144

The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer....

9.8CVSS

0.0004EPSS

2024-06-14 03:15 AM
1
cvelist
cvelist

CVE-2024-27145 Multiple Post-authenticated Remote Code Execution

The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute...

9.8CVSS

0.0004EPSS

2024-06-14 02:33 AM
1
vulnrichment
vulnrichment

CVE-2024-27145 Multiple Post-authenticated Remote Code Execution

The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute...

9.8CVSS

7.3AI Score

0.0004EPSS

2024-06-14 02:33 AM
1
cvelist
cvelist

CVE-2024-27144 Pre-authenticated Remote Code Execution

The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer....

9.8CVSS

0.0004EPSS

2024-06-14 02:31 AM
vulnrichment
vulnrichment

CVE-2024-27144 Pre-authenticated Remote Code Execution

The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer....

9.8CVSS

7.3AI Score

0.0004EPSS

2024-06-14 02:31 AM
exploitdb

9.8CVSS

7.4AI Score

0.005EPSS

2024-06-14 12:00 AM
90
packetstorm

7.2AI Score

0.0004EPSS

2024-06-14 12:00 AM
91
exploitdb

7.4AI Score

0.0004EPSS

2024-06-14 12:00 AM
98
cvelist
cvelist

CVE-2024-36598

An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image...

0.0004EPSS

2024-06-14 12:00 AM
vulnrichment
vulnrichment

CVE-2024-36598

An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image...

7.8AI Score

0.0004EPSS

2024-06-14 12:00 AM
1
packetstorm

7.4AI Score

2024-06-14 12:00 AM
79
packetstorm

7.2AI Score

0.0004EPSS

2024-06-14 12:00 AM
85
wpvulndb
wpvulndb

FooEvents for WooCommerce < 1.19.21 - Improper Authorization to (Contributor+) Arbitrary File Upload

Description The FooEvents for WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the 'display_ticket_themes_page' function in versions up to, and including, 1.19.20. This makes it possible for authenticated attackers with.....

7.1CVSS

7.6AI Score

0.001EPSS

2024-06-14 12:00 AM
2
nessus
nessus

SUSE SLES15 Security Update : python-Pillow (SUSE-SU-2024:1673-2)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1673-2 advisory. - Fixed ImagePath.Path array handling (bsc#1194552, CVE-2022-22815, bsc#1194551, CVE-2022-22816) - Use snprintf instead of sprintf (bsc#1188574,....

9.8CVSS

7.9AI Score

0.007EPSS

2024-06-14 12:00 AM
1
packetstorm

7.2AI Score

0.0004EPSS

2024-06-14 12:00 AM
75
nessus
nessus

Rocky Linux 8 : exempi (RLSA-2024:3066)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3066 advisory. * exempi: denial of service via opening of crafted audio file with ID3V2 frame (CVE-2020-18651) * exempi: denial of service via opening of crafted webp...

6.5CVSS

7.3AI Score

0.001EPSS

2024-06-14 12:00 AM
2
Total number of security vulnerabilities68757