Total: 2765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-43050 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2025-05-05 | N/A | 7.2 HIGH |
Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-43305 | 1 Democritus | 1 D8s-python | 2025-05-05 | N/A | 9.8 CRITICAL |
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0. | |||||
CVE-2022-43306 | 1 Democritus | 1 D8s-timer | 2025-05-05 | N/A | 8.8 HIGH |
The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0. | |||||
CVE-2022-43085 | 1 Codeastro | 1 Restaurant Pos System | 2025-05-05 | N/A | 7.2 HIGH |
An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-43083 | 1 Vehicle Booking System Project | 1 Vehicle Booking System | 2025-05-05 | N/A | 7.2 HIGH |
An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-43061 | 1 Online Tours & Travels Management System Project | 1 Online Tours & Travels Management System | 2025-05-05 | N/A | 7.2 HIGH |
Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /operations/travellers.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2025-4259 | | | 2025-05-05 | N/A | 6.3 MEDIUM |
A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the function Upload of the file ltd/newbee/mall/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. | |||||
CVE-2025-4258 | | | 2025-05-05 | N/A | 6.3 MEDIUM |
A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu up to 4.2.0. Affected is the function Upload of the file \youkefu-master\src\main\java\com\ukefu\webim\web\handler\resource\MediaController.java. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-44054 | 1 Democritus | 1 D8s-xml | 2025-05-01 | N/A | 9.8 CRITICAL |
The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-utility package. The affected version of d8s-htm is 0.1.0. | |||||
CVE-2022-43277 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-05-01 | N/A | 7.2 HIGH |
Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/php_action/editFile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-40797 | 1 Roxyfileman | 1 Roxy Fileman | 2025-05-01 | N/A | 9.8 CRITICAL |
Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.) | |||||
CVE-2022-43074 | 1 Ayacms Project | 1 Ayacms | 2025-05-01 | N/A | 9.8 CRITICAL |
AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-43146 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-05-01 | N/A | 7.2 HIGH |
An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2018-15573 | 1 Reprisesoftware | 1 Reprise License Manager | 2025-04-30 | 9.3 HIGH | 8.8 HIGH |
An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf parameter. By default, the web interface is on port 5054, and does not require authentication. NOTE: the vendor has stated "We do not consider this a vulnerability." | |||||
CVE-2025-3969 | 1 Code-projects | 1 News Publishing Site Dashboard | 2025-04-30 | N/A | 9.8 CRITICAL |
A vulnerability was found in codeprojects News Publishing Site Dashboard 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit-category.php of the component Edit Category Page. The manipulation of the argument category_image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-3830 | 1 Kuangstudy | 1 Kuangsimplebbs | 2025-04-30 | N/A | 9.8 CRITICAL |
A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical. Affected by this vulnerability is the function fileUpload of the file src/main/java/com/kuang/controller/QuestionController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-43234 | 1 Hoosk | 1 Hoosk | 2025-04-30 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-43265 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-04-30 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2024-4349 | 1 Donbermoy | 1 Pisay Online E-learning System | 2025-04-29 | N/A | N/A |
A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262489 was assigned to this vulnerability. | |||||
CVE-2020-23591 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-29 | N/A | 9.8 CRITICAL |
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through "/mgm_dev_upgrade.asp" which can "delete every file for Denial of Service (using 'rm -rf *.*' in the code), reverse connection (using '.asp' webshell), backdoor. |