Total
2765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34076 | 1 Phpok | 1 Phpok | 2025-01-27 | N/A | 8.8 HIGH |
| File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload. | |||||
| CVE-2023-29657 | 1 Extplorer | 1 Extplorer | 2025-01-24 | N/A | 8.8 HIGH |
| eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code executions. | |||||
| CVE-2023-30247 | 1 Storage Unit Rental Management System Project | 1 Storage Unit Rental Management System | 2025-01-24 | N/A | 9.8 CRITICAL |
| File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter. | |||||
| CVE-2024-13091 | 1 Wpbot | 1 Wpot | 2025-01-24 | N/A | 9.8 CRITICAL |
| The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and including, 13.5.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The exploit requires thee ChatBot Conversational Forms plugin and the Conversational Form Builder Pro addon plugin. | |||||
| CVE-2025-0702 | 2025-01-24 | N/A | 6.3 MEDIUM | ||
| A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This vulnerability affects unknown code of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument portraitFile leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | |||||
| CVE-2024-25994 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-01-24 | N/A | N/A |
| An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write only. | |||||
| CVE-2023-30333 | 1 Perfree | 1 Perfreeblog | 2025-01-23 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2023-31576 | 1 S9y | 1 Serendipity | 2025-01-23 | N/A | 8.8 HIGH |
| An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file. | |||||
| CVE-2023-31857 | 1 Oretnom23 | 1 Online Computer And Laptop Store | 2025-01-23 | N/A | 9.8 CRITICAL |
| Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is /classes/Users.php?f=save. | |||||
| CVE-2025-23942 | 2025-01-22 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in NgocCode WP Load Gallery allows Upload a Web Shell to a Web Server. This issue affects WP Load Gallery: from n/a through 2.1.6. | |||||
| CVE-2025-23921 | 2025-01-22 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Multi Uploader for Gravity Forms allows Upload a Web Shell to a Web Server. This issue affects Multi Uploader for Gravity Forms: from n/a through 1.1.3. | |||||
| CVE-2025-23918 | 2025-01-22 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Smallerik File Browser allows Upload a Web Shell to a Web Server. This issue affects Smallerik File Browser: from n/a through 1.1. | |||||
| CVE-2025-23953 | 2025-01-22 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Innovative Solutions user files allows Upload a Web Shell to a Web Server. This issue affects user files: from n/a through 2.4.2. | |||||
| CVE-2024-3488 | 1 Microfocus | 1 Imanager | 2025-01-21 | N/A | 9.8 CRITICAL |
| File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without authentication. | |||||
| CVE-2024-4197 | 1 Avaya | 1 Ip Office | 2025-01-21 | N/A | 9.8 CRITICAL |
| An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1. | |||||
| CVE-2025-22723 | 2025-01-21 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Upload a Web Shell to a Web Server. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.6.7. | |||||
| CVE-2024-51919 | 2025-01-21 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3. | |||||
| CVE-2023-28652 | 1 Sauter-controls | 2 Ey-as525f001, Ey-as525f001 Firmware | 2025-01-17 | N/A | 6.5 MEDIUM |
| An authenticated malicious user could successfully upload a malicious image could lead to a denial-of-service condition. | |||||
| CVE-2005-0254 | 1 Guillaumegardey | 1 Biborb | 2025-01-16 | 4.3 MEDIUM | N/A |
| BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files. | |||||
| CVE-2024-1311 | 1 Brizy | 1 Brizy | 2025-01-16 | N/A | N/A |
| The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all versions up to, and including, 2.4.40. This makes it possible for authenticated attackers, with contributor access or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||