Total
4073 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1002002 | 1 Webapp-builder Project | 1 Webapp-builder | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin webapp-builder v2.0, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com/ | |||||
| CVE-2017-1002001 | 1 Mobile-app-builder-by-wappress Project | 1 Mobile-app-builder-by-wappress | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. | |||||
| CVE-2017-1002000 | 1 Mobile-friendly-app-builder-by-easytouch Project | 1 Mobile-friendly-app-builder-by-easytouch | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easytouch v3.0, The code in file ./mobile-friendly-app-builder-by-easytouch/server/images.php doesn't require authentication or check that the user is allowed to upload content. | |||||
| CVE-2017-1000238 | 1 Invoiceplane | 1 Invoiceplane | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload resulting in an authenticated user can upload a malicious file to the webserver. It is possible for an attacker to upload a script which is able to compromise the webserver. | |||||
| CVE-2017-1000194 | 1 Octobercms | 1 October | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server. | |||||
| CVE-2017-1000119 | 1 Octobercms | 1 October | 2026-06-17 | 6.5 MEDIUM | 7.2 HIGH |
| October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server. | |||||
| CVE-2017-1000081 | 1 Onosproject | 1 Onos | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. | |||||
| CVE-2016-9492 | 1 Jqueryform | 1 Php Formmail Generator | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which may lead to execution of the contained PHP code if the attacker can guess the uploaded filename. The form by default appends a short random string to the end of the filename. | |||||
| CVE-2016-9268 | 1 Dotclear | 1 Dotclear | 2026-06-17 | 9.0 HIGH | 7.2 HIGH |
| Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with an zip extension, and then accessing it via unspecified vectors. | |||||
| CVE-2016-9187 | 1 Moodle | 1 Moodle | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | |||||
| CVE-2016-9186 | 1 Moodle | 1 Moodle | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | |||||
| CVE-2016-8973 | 1 Ibm | 1 Rational Rhapsody Design Manager | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability that may allow an authenticated user to upload infected malicious files to the server. IBM Reference #: 1999960. | |||||
| CVE-2016-8921 | 1 Ibm | 1 Filenet Workplace Xt | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||||
| CVE-2016-8515 | 1 Hp | 1 Version Control Repository Manager | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| A remote malicious file upload vulnerability in HPE Version Control Repository Manager (VCRM) was found. The problem impacts all versions prior to 7.6. | |||||
| CVE-2016-7902 | 1 Dotclear | 1 Dotclear | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated by .php.txt or .php%20. | |||||
| CVE-2016-7452 | 1 Exponentcms | 1 Exponent Cms | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal. | |||||
| CVE-2016-7443 | 1 Exponentcms | 1 Exponent Cms | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to "uploading files to wrong location." | |||||
| CVE-2016-7095 | 1 Exponentcms | 1 Exponent Cms | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution. | |||||
| CVE-2016-6918 | 1 Lexmark | 1 Markvision Enterprise | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. ( | |||||
| CVE-2016-6124 | 1 Ibm | 1 Kenexa Lms On Cloud | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | |||||