Vulnerabilities > Unrestricted Upload of File with Dangerous Type

DATE CVE VULNERABILITY TITLE RISK
2024-06-14 CVE-2024-3912 Certain models of ASUS routers have an arbitrary firmware upload vulnerability.
network
low complexity
CWE-434
critical
9.8
2024-06-14 CVE-2024-31161 The upload functionality of ASUS Download Master does not properly filter user input.
network
low complexity
CWE-434
7.2
2024-06-13 CVE-2024-34110 Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution.
network
low complexity
CWE-434
7.2
2024-06-10 CVE-2024-36415 Unrestricted Upload of File with Dangerous Type vulnerability in Salesagility Suitecrm
SuiteCRM is an open-source Customer Relationship Management (CRM) software application.
network
low complexity
salesagility CWE-434
8.8
2024-06-10 CVE-2024-35746 Unrestricted Upload of File with Dangerous Type vulnerability in Buddypress Cover Project Buddypress Cover 2.1.4.2
Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through 2.1.4.2.
network
low complexity
buddypress-cover-project CWE-434
critical
9.8
2024-06-07 CVE-2024-5734 Unrestricted Upload of File with Dangerous Type vulnerability in Online Discussion Forum Project Online Discussion Forum 1.0
A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0.
network
low complexity
online-discussion-forum-project CWE-434
8.8
2024-06-04 CVE-2024-36858 Unrestricted Upload of File with Dangerous Type vulnerability in Homebrew JAN 0.4.12
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.
network
low complexity
homebrew CWE-434
critical
9.8
2024-06-04 CVE-2024-37273 Unrestricted Upload of File with Dangerous Type vulnerability in Homebrew JAN 0.4.12
An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.
network
low complexity
homebrew CWE-434
critical
9.8
2024-06-04 CVE-2024-29974 ** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device.
network
low complexity
CWE-434
critical
9.8
2024-05-15 CVE-2024-34906 Unrestricted Upload of File with Dangerous Type vulnerability in Dootask 0.30.13
An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file.
network
low complexity
dootask CWE-434
5.4