Total
3305 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30968 | 2024-11-21 | 6.8 Medium | ||
| One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack. | ||||
| CVE-2023-30962 | 1 Palantir | 1 Gotham Cerberus | 2024-11-21 | 6.8 Medium |
| The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58 . | ||||
| CVE-2023-30791 | 1 Plane | 1 Plane | 2024-11-21 | 7.1 High |
| Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript. | ||||
| CVE-2023-2924 | 1 Supcontech | 2 Simfield, Simfield Firmware | 2024-11-21 | 4.7 Medium |
| A vulnerability, which was classified as critical, has been found in Supcon SimField up to 1.80.00.00. Affected by this issue is some unknown functionality of the file /admin/reportupload.aspx. The manipulation of the argument files[] leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230078 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-2738 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical has been found in Tongda OA 11.10. This affects the function actionGetdata of the file GatewayController.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-2523 | 1 E-office | 1 E-office | 2024-11-21 | 7.3 High |
| A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228014 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-2424 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227750 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-2419 | 1 Crmeb | 1 Crmeb | 2024-11-21 | 4.7 Medium |
| A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been declared as critical. This vulnerability affects the function videoUpload of the file \crmeb\app\services\system\attachment\SystemAttachmentServices.php. The manipulation of the argument filename leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227716. | ||||
| CVE-2023-2071 | 1 Rockwellautomation | 2 Factorytalk View, Panelview Plus | 2024-11-21 | 9.8 Critical |
| Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input, which allows unauthenticated attacker to achieve remote code executed via crafted malicious packets. The device has the functionality, through a CIP class, to execute exported functions from libraries. There is a routine that restricts it to execute specific functions from two dynamic link library files. By using a CIP class, an attacker can upload a self-made library to the device which allows the attacker to bypass the security check and execute any code written in the function. | ||||
| CVE-2023-29770 | 1 Sapplica | 1 Sentrifugo | 2024-11-21 | 8.8 High |
| In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering. | ||||
| CVE-2023-29386 | 2024-11-21 | 9.1 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.This issue affects Manager for Icomoon: from n/a through 2.0. | ||||
| CVE-2023-29384 | 1 Hmplugin | 1 Jobwp | 2024-11-21 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP.This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.0. | ||||
| CVE-2023-29102 | 1 Olivethemes | 1 Olive One Click Demo Import | 2024-11-21 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Olive Themes Olive One Click Demo Import.This issue affects Olive One Click Demo Import: from n/a through 1.1.1. | ||||
| CVE-2023-28482 | 1 Tigergraph | 1 Tigergraph | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Tigergraph Enterprise 3.7.0. A single TigerGraph instance can host multiple graphs that are accessed by multiple different users. The TigerGraph platform does not protect the confidentiality of any data uploaded to the remote server. In this scenario, any user that has permissions to upload data can browse data uploaded by any other user (irrespective of their permissions). | ||||
| CVE-2023-28480 | 1 Tigergraph | 1 Tigergraph | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph platform allows users to define new User Defined Functions (UDFs) from C/C++ code. To support this functionality TigerGraph allows users to upload custom C/C++ code which is then compiled and installed into the platform. An attacker who has filesystem access on a remote TigerGraph system can alter the behavior of the database against the will of the database administrator; thus effectively bypassing the built in RBAC controls. | ||||
| CVE-2023-28170 | 1 Themely | 1 Theme Demo Import | 2024-11-21 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Themely Theme Demo Import.This issue affects Theme Demo Import: from n/a through 1.1.1. | ||||
| CVE-2023-26775 | 1 Monitorr | 1 Monitorr | 2024-11-21 | 7.8 High |
| File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint. | ||||
| CVE-2023-26578 | 1 Idattend | 1 Idweb | 2024-11-21 | 8.8 High |
| Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server. | ||||
| CVE-2023-25970 | 1 Zendrop | 1 Zendrop | 2024-11-21 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Zendrop Zendrop – Global Dropshipping.This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0. | ||||
| CVE-2023-25444 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.7. | ||||