Total
2765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4561 | 2025-05-12 | N/A | 8.8 HIGH | ||
| The KFOX from KingFor has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privilege to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. | |||||
| CVE-2025-4556 | 2025-05-12 | N/A | 9.8 CRITICAL | ||
| The web management interface of Okcat Parking Management Platform from ZONG YU has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. | |||||
| CVE-2020-26629 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-09 | N/A | 9.8 CRITICAL |
| A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. | |||||
| CVE-2025-4403 | 2025-05-09 | N/A | 9.8 CRITICAL | ||
| The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6 due to accepting a user-supplied supported_type string and the uploaded filename without enforcing real extension or MIME checks within the upload() function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2025-3455 | 2025-05-09 | N/A | 8.8 HIGH | ||
| The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'start_restore' function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2024-11617 | 2025-05-09 | N/A | 9.8 CRITICAL | ||
| The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'zetra_languageUpload' and 'zetra_fontsUpload' functions in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2022-43283 | 1 Webassembly | 1 Wabt | 2025-05-08 | N/A | 5.5 MEDIUM |
| wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write. | |||||
| CVE-2024-22515 | 1 Ispyconnect | 1 Agent Dvr | 2025-05-08 | N/A | 8.8 HIGH |
| Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component. | |||||
| CVE-2024-24350 | 1 Softwarepublico | 1 E-sic Livre | 2025-05-08 | N/A | 8.8 HIGH |
| File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component. | |||||
| CVE-2025-23213 | 1 Tandoor | 1 Recipes | 2025-05-08 | N/A | 5.4 MEDIUM |
| Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows to upload arbitrary files, including html and svg. Both can contain malicious content (XSS Payloads). This vulnerability is fixed in 1.5.28. | |||||
| CVE-2022-31366 | 1 Eve-ng | 1 Eve-ng | 2025-05-08 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file. | |||||
| CVE-2022-42198 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2025-05-08 | N/A | 8.8 HIGH |
| In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload. | |||||
| CVE-2022-42201 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2025-05-08 | N/A | 7.2 HIGH |
| Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload. | |||||
| CVE-2024-23759 | 1 Gambio | 1 Gambio | 2025-05-07 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function. | |||||
| CVE-2022-36452 | 1 Mitel | 1 Micollab | 2025-05-07 | N/A | 9.8 CRITICAL |
| A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the application. | |||||
| CVE-2022-41711 | 1 Uatech | 1 Badaso | 2025-05-07 | N/A | 9.8 CRITICAL |
| Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | |||||
| CVE-2022-39977 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2025-05-07 | N/A | 7.2 HIGH |
| Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. | |||||
| CVE-2022-39978 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2025-05-07 | N/A | 7.2 HIGH |
| Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. | |||||
| CVE-2025-0471 | 1 Sigb | 1 Pmb | 2025-05-07 | N/A | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker to upload a file to gain remote access to the machine, being able to access, modify and execute commands freely. | |||||
| CVE-2025-0472 | 1 Sigb | 1 Pmb | 2025-05-07 | N/A | 7.5 HIGH |
| Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and enumerate the internal files of a machine by looking at the request response. | |||||