Total
2954 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-39436 | 2025-04-17 | N/A | 9.1 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw allows Using Malicious Files. This issue affects I Draw: from n/a through 1.0. | |||||
| CVE-2025-32652 | 2025-04-17 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in solacewp Solace Extra allows Using Malicious Files. This issue affects Solace Extra: from n/a through 1.3.1. | |||||
| CVE-2025-32660 | 2025-04-17 | N/A | 10.0 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through 2.0.2. | |||||
| CVE-2025-3765 | 2025-04-17 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file /edit-photo.php. The manipulation of the argument Avatar leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3764 | 2025-04-17 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This vulnerability affects unknown code of the file /edit-product.php. The manipulation of the argument Avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-52044 | 1 Std42 | 1 Elfinder | 2025-04-17 | N/A | 9.8 CRITICAL |
| Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension. | |||||
| CVE-2022-46135 | 1 Aerocms Project | 1 Aerocms | 2025-04-17 | N/A | 7.2 HIGH |
| In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server. | |||||
| CVE-2023-42248 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | N/A | 6.5 MEDIUM |
| An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vam_Sql.php". | |||||
| CVE-2022-46020 | 1 Wbce | 1 Wbce Cms | 2025-04-17 | N/A | 9.8 CRITICAL |
| WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. | |||||
| CVE-2024-46377 | 1 Mayurik | 1 Best House Rental Management System | 2025-04-16 | N/A | 9.8 CRITICAL |
| Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php. | |||||
| CVE-2024-33438 | 1 Cubecart | 1 Cubecart | 2025-04-16 | N/A | 8.0 HIGH |
| File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file. | |||||
| CVE-2024-31615 | 1 Thinkcmf | 1 Thinkcmf | 2025-04-16 | N/A | 9.8 CRITICAL |
| ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php. | |||||
| CVE-2022-0517 | 1 Mozilla | 1 Vpn | 2025-04-16 | N/A | 7.8 HIGH |
| Mozilla VPN can load an OpenSSL configuration file from an unsecured directory. A user or attacker with limited privileges could leverage this to launch arbitrary code with SYSTEM privilege. This vulnerability affects Mozilla VPN < 2.7.1. | |||||
| CVE-2023-42286 | 1 Eyoucms | 1 Eyoucms | 2025-04-16 | N/A | 9.8 CRITICAL |
| There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload. | |||||
| CVE-2020-29607 | 1 Pluck-cms | 1 Pluck | 2025-04-16 | 6.5 MEDIUM | 7.2 HIGH |
| A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution. | |||||
| CVE-2020-20969 | 1 Pluck-cms | 1 Pluck | 2025-04-16 | N/A | 7.2 HIGH |
| File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file. | |||||
| CVE-2025-26927 | 2025-04-16 | N/A | 10.0 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in EPC AI Hub allows Upload a Web Shell to a Web Server. This issue affects AI Hub: from n/a through 1.3.3. | |||||
| CVE-2025-1980 | 2025-04-16 | N/A | N/A | ||
| The Ready_ application's Profile section allows users to upload files of any type and extension without restriction. If the server is misconfigured, as it was by default when installed at the turn of 2021 and 2022, it can result in Remote Code Execution. Refer to the Required Configuration for Exposure section for more information. | |||||
| CVE-2025-39557 | 2025-04-16 | N/A | 9.1 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Ben Ritner - Kadence WP Kadence WooCommerce Email Designer allows Upload a Web Shell to a Web Server. This issue affects Kadence WooCommerce Email Designer: from n/a through 1.5.14. | |||||
| CVE-2025-39538 | 2025-04-16 | N/A | 6.6 MEDIUM | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Mathieu Chartier WP-Advanced-Search allows Upload a Web Shell to a Web Server. This issue affects WP-Advanced-Search: from n/a through 3.3.9.3. | |||||