Total
2765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-27860 | 1 Fatpipeinc | 6 Ipvpn, Ipvpn Firmware, Mpvpn and 3 more | 2025-04-02 | 9.3 HIGH | 8.8 HIGH |
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006. | |||||
CVE-2016-3088 | 1 Apache | 1 Activemq | 2025-04-02 | 7.5 HIGH | 9.8 CRITICAL |
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. | |||||
CVE-2022-47042 | 1 Mingsoft | 1 Mcms | 2025-04-02 | N/A | 8.8 HIGH |
MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do. | |||||
CVE-2022-40037 | 1 Javaweb Blog Project | 1 Javaweb Blog | 2025-04-02 | N/A | 9.8 CRITICAL |
An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to escalate privileges and execute arbitrary commands via the component /upFile. | |||||
CVE-2022-3478 | 1 Gitlab | 1 Gitlab | 2025-04-02 | N/A | 4.3 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package. | |||||
CVE-2025-2008 | | | 2025-04-01 | N/A | 8.8 HIGH |
The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import_single_post_as_csv() function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
CVE-2025-2891 | | | 2025-04-01 | N/A | 8.8 HIGH |
The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with Seller-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible if front-end listing submission has been enabled. | |||||
CVE-2025-31577 | | | 2025-04-01 | N/A | N/A |
Unrestricted Upload of File with Dangerous Type vulnerability in appointify Appointify allows Upload a Web Shell to a Web Server. This issue affects Appointify: from n/a through 1.0.8. | |||||
CVE-2025-2606 | 1 Mayurik | 1 Best Church Management Software | 2025-04-01 | N/A | N/A |
A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/soulwinning_crud.php. The manipulation of the argument photo/photo1 leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-2607 | 1 Phplaozhang | 1 Lzcms-laozhangbokexitong | 2025-04-01 | N/A | N/A |
A vulnerability was found in phplaozhang LzCMS-LaoZhangBoKeXiTong up to 1.1.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/upload/upimage.html of the component HTTP POST Request Handler. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-40035 | 1 Blog-ssm Project | 1 Blog-ssm | 2025-04-01 | N/A | 8.8 HIGH |
File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component. | |||||
CVE-2025-2978 | | | 2025-03-31 | N/A | 6.3 MEDIUM |
A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2025-2249 | | | 2025-03-29 | N/A | 8.8 HIGH |
The SoJ SoundSlides plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the soj_soundslides_options_subpanel() function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
CVE-2022-48008 | 1 Limesurvey | 1 Limesurvey | 2025-03-28 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-48006 | 1 Taogogo | 1 Taocms | 2025-03-28 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php. | |||||
CVE-2022-47854 | 1 I-librarian | 1 I-librarian | 2025-03-27 | N/A | 9.8 CRITICAL |
i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplement.php. | |||||
CVE-2025-2687 | 1 Phpgurukul | 1 Elearning System | 2025-03-27 | N/A | 9.8 CRITICAL |
A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0. Affected is an unknown function of the file /user/index.php of the component Image Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-47769 | 1 Serinf | 1 Fast Checkin | 2025-03-27 | N/A | 9.8 CRITICAL |
An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell. | |||||
CVE-2023-23135 | 1 Ftdms Project | 1 Ftdms | 2025-03-27 | N/A | 7.2 HIGH |
An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file. | |||||
CVE-2023-24610 | 1 Nosh Chartingsystem Project | 1 Nosh Chartingsystem | 2025-03-27 | N/A | 8.8 HIGH |
NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting. |