Total
3084 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13156 | 1 Google | 1 Android | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847. | |||||
| CVE-2017-1002016 | 1 Flickr Picture Backup Project | 1 Flickr Picture Backup | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files. | |||||
| CVE-2020-22539 | 1 Codologic | 1 Codoforum | 2025-04-18 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-32161 | 1 Jizhicms | 1 Jizhicms | 2025-04-18 | N/A | 9.8 CRITICAL |
| jizhiCMS 2.5 suffers from a File upload vulnerability. | |||||
| CVE-2024-31351 | 1 Copymatic | 1 Copymatic | 2025-04-18 | N/A | 10.0 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6. | |||||
| CVE-2024-48202 | 1 Thecosy | 1 Icecms | 2025-04-18 | N/A | 9.8 CRITICAL |
| icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploadFile. | |||||
| CVE-2023-50692 | 1 Jizhicms | 1 Jizhicms | 2025-04-17 | N/A | 8.8 HIGH |
| File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory. | |||||
| CVE-2024-2599 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-17 | N/A | 9.9 CRITICAL |
| File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure. | |||||
| CVE-2025-27282 | 2025-04-17 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in rockgod100 Theme File Duplicator allows Using Malicious Files. This issue affects Theme File Duplicator: from n/a through 1.3. | |||||
| CVE-2025-31339 | 2025-04-17 | N/A | N/A | ||
| An unrestricted upload of file with dangerous type vulnerability in the course management function of Wisdom Master Pro versions 5.0 through 5.2 allows remote authenticated users to craft a malicious file. | |||||
| CVE-2025-32682 | 2025-04-17 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG Lite allows Upload a Web Shell to a Web Server. This issue affects MapSVG Lite: from n/a through 8.5.34. | |||||
| CVE-2025-39436 | 2025-04-17 | N/A | 9.1 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw allows Using Malicious Files. This issue affects I Draw: from n/a through 1.0. | |||||
| CVE-2025-32652 | 2025-04-17 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in solacewp Solace Extra allows Using Malicious Files. This issue affects Solace Extra: from n/a through 1.3.1. | |||||
| CVE-2025-32660 | 2025-04-17 | N/A | 10.0 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through 2.0.2. | |||||
| CVE-2023-52044 | 1 Std42 | 1 Elfinder | 2025-04-17 | N/A | 9.8 CRITICAL |
| Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension. | |||||
| CVE-2022-46135 | 1 Aerocms Project | 1 Aerocms | 2025-04-17 | N/A | 7.2 HIGH |
| In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server. | |||||
| CVE-2023-42248 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | N/A | 6.5 MEDIUM |
| An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vam_Sql.php". | |||||
| CVE-2022-46020 | 1 Wbce | 1 Wbce Cms | 2025-04-17 | N/A | 9.8 CRITICAL |
| WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. | |||||
| CVE-2024-46377 | 1 Mayurik | 1 Best House Rental Management System | 2025-04-16 | N/A | 9.8 CRITICAL |
| Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php. | |||||
| CVE-2024-33438 | 1 Cubecart | 1 Cubecart | 2025-04-16 | N/A | 8.0 HIGH |
| File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file. | |||||