Total
3085 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-23213 | 1 Tandoor | 1 Recipes | 2025-05-08 | N/A | 8.7 HIGH |
| Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows to upload arbitrary files, including html and svg. Both can contain malicious content (XSS Payloads). This vulnerability is fixed in 1.5.28. | |||||
| CVE-2024-25925 | 1 Sysbasics | 1 Easy Checkout Field Editor | 2025-05-08 | N/A | 10.0 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12. | |||||
| CVE-2024-25913 | 1 Skymoonlabs | 1 Moveto | 2025-05-08 | N/A | 10.0 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. | |||||
| CVE-2022-42198 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2025-05-08 | N/A | 8.8 HIGH |
| In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload. | |||||
| CVE-2022-31366 | 1 Eve-ng | 1 Eve-ng | 2025-05-08 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file. | |||||
| CVE-2022-42201 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2025-05-08 | N/A | 7.2 HIGH |
| Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload. | |||||
| CVE-2024-25909 | 1 Joomunited | 1 Wp Media Folder | 2025-05-08 | N/A | 9.9 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2. | |||||
| CVE-2024-23759 | 1 Gambio | 1 Gambio | 2025-05-07 | N/A | 9.8 CRITICAL |
| Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function. | |||||
| CVE-2022-36452 | 1 Mitel | 1 Micollab | 2025-05-07 | N/A | 9.8 CRITICAL |
| A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the application. | |||||
| CVE-2022-41711 | 1 Uatech | 1 Badaso | 2025-05-07 | N/A | 9.8 CRITICAL |
| Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | |||||
| CVE-2022-39978 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2025-05-07 | N/A | 7.2 HIGH |
| Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. | |||||
| CVE-2022-39977 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2025-05-07 | N/A | 7.2 HIGH |
| Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. | |||||
| CVE-2025-0471 | 1 Sigb | 1 Pmb | 2025-05-07 | N/A | 9.9 CRITICAL |
| Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker to upload a file to gain remote access to the machine, being able to access, modify and execute commands freely. | |||||
| CVE-2025-0472 | 1 Sigb | 1 Pmb | 2025-05-07 | N/A | 7.5 HIGH |
| Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and enumerate the internal files of a machine by looking at the request response. | |||||
| CVE-2022-43231 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-05-07 | N/A | 7.2 HIGH |
| Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-42189 | 1 Emlog | 1 Emlog | 2025-05-07 | N/A | 7.2 HIGH |
| Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability. | |||||
| CVE-2022-43275 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-05-07 | N/A | 7.2 HIGH |
| Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2025-4305 | 2025-05-07 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability has been found in kefaming mayi up to 1.3.9 and classified as critical. This vulnerability affects the function Upload of the file app/tools/controller/File.php. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4291 | 2025-05-07 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability, which was classified as critical, was found in IdeaCMS up to 1.6. Affected is the function saveUpload. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4333 | 2025-05-07 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm up to 0.0.1. It has been classified as critical. This affects the function uploadFile of the file src/main/java/com/megagao/production/ssm/service/impl/FileServiceImpl.java. The manipulation of the argument uploadFile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names. | |||||