Total
3838 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-7063 | 1 Widzialni | 1 Pad Cms | 2025-11-26 | N/A | 9.8 CRITICAL |
| Due to client-controlled permission check parameter, PAD CMS's file upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed leading to Remote Code Execution. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and producent will not publish patches for this vulnerability. | |||||
| CVE-2025-7065 | 1 Widzialni | 1 Pad Cms | 2025-11-26 | N/A | 9.8 CRITICAL |
| Due to client-controlled permission check parameter, PAD CMS's photo upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed leading to Remote Code Execution. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and producent will not publish patches for this vulnerability. | |||||
| CVE-2025-8120 | 1 Widzialni | 1 Pad Cms | 2025-11-26 | N/A | 9.8 CRITICAL |
| Due to client-controlled permission check parameter, PAD CMS's upload photo functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed leading to Remote Code Execution.This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and producent will not publish patches for this vulnerability. | |||||
| CVE-2013-10044 | 1 Open-emr | 1 Openemr | 2025-11-26 | N/A | 8.8 HIGH |
| An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and its host system. | |||||
| CVE-2025-12973 | 2025-11-25 | N/A | 7.2 HIGH | ||
| The S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeFile() function in all versions up to, and including, 1.7.8. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2025-13376 | 2025-11-25 | N/A | 7.2 HIGH | ||
| The ProjectList plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 0.3.0. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2023-7330 | 2025-11-25 | N/A | N/A | ||
| Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation or sanitization of file type, path, or extension. A remote attacker can upload a crafted PHP file and then access it from the web root, resulting in arbitrary code execution in the context of the web service. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-14 UTC. | |||||
| CVE-2021-4462 | 1 Skittles | 1 Employee Records System | 2025-11-24 | N/A | 9.8 CRITICAL |
| Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side validation. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC. | |||||
| CVE-2024-8164 | 1 Beikeshop | 1 Beikeshop | 2025-11-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function rename of the file /Admin/Http/Controllers/FileManagerController.php. This manipulation of the argument new_name causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.6.0 is able to mitigate this issue. The affected component should be upgraded. | |||||
| CVE-2025-13185 | 1 Bdtask | 1 News365 | 2025-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
| A security flaw has been discovered in Bdtask/CodeCanyon News365 up to 7.0.3. This affects an unknown function of the file /admin/dashboard/profile. The manipulation of the argument profile_image/banner_image results in unrestricted upload. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-12223 | 1 Bdtask | 1 Flight Booking Software | 2025-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in Bdtask Flight Booking Software up to 3.1. This affects an unknown part of the file /b2c/package-information of the component Package Information Module. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-12222 | 1 Bdtask | 1 Flight Booking Software | 2025-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security vulnerability has been detected in Bdtask Flight Booking Software up to 3.1. Affected by this issue is some unknown functionality of the file /admin/transaction/deposit of the component Deposit Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-41735 | 1 Metz-connect | 6 Ewio2-bm, Ewio2-bm Firmware, Ewio2-m and 3 more | 2025-11-21 | N/A | 8.8 HIGH |
| A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution. | |||||
| CVE-2025-64176 | 1 Matiasdesuu | 1 Thinkdashboard | 2025-11-21 | N/A | 5.3 MEDIUM |
| ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, an attacker can upload any file they wish to the /data directory of the web application via the backup import feature. When importing a backup, an attacker can first choose a .zip file to bypass the client-side file-type verification. This could lead to stored XSS, or be used for other nefarious purposes such as malware distribution. This issue is fixed in version 0.6.8. | |||||
| CVE-2025-64759 | 2025-11-21 | N/A | 8.1 HIGH | ||
| Homarr is an open-source dashboard. Prior to version 1.43.3, stored XSS vulnerability exists, allowing the execution of arbitrary JavaScript in a user's browser, with minimal or no user interaction required, due to the rendering of a malicious uploaded SVG file. This could be abused to add an attacker's account to the "credentials-admin" group, giving them full administrative access, if a user logged in as an administrator was to view the page which renders or redirects to the SVG. This issue has been patched in version 1.43.3. | |||||
| CVE-2025-0645 | 2025-11-21 | N/A | 7.2 HIGH | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Narkom Communication and Software Technologies Trade Ltd. Co. Pyxis Signage allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Pyxis Signage: through 31012025. | |||||
| CVE-2025-13156 | 2025-11-21 | N/A | 8.8 HIGH | ||
| The Vitepos – Point of Sale (POS) for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the insert_media_attachment() function in all versions up to, and including, 3.3.0. This is due to the save_update_category_img() function accepting user-supplied file types without validation when processing category images. This makes it possible for authenticated attackers, with subscriber level access and above, to upload arbitrary files on the affected site's server which makes remote code execution possible. | |||||
| CVE-2025-12138 | 2025-11-21 | N/A | 8.8 HIGH | ||
| The URL Image Importer plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.0.6. This is due to the plugin relying on a user-controlled Content-Type HTTP header to validate file uploads in the 'uimptr_import_image_from_url()' function which writes the file to the server before performing proper validation. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible via the uploaded PHP file. | |||||
| CVE-2025-7895 | 1 Harry0703 | 1 Moneyprinterturbo | 2025-11-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File Extension Handler. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. | |||||
| CVE-2025-34046 | 2025-11-20 | N/A | N/A | ||
| An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly validates uploaded files when invoked with certain parameters (uploadType=eoffice_logo or uploadType=theme). An attacker can exploit this flaw by sending a crafted HTTP POST request to upload arbitrary files without requiring authentication. Successful exploitation could enable remote code execution on the affected server, leading to complete compromise of the web application and potentially the underlying system. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC. | |||||