Total: 4088 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-26411 | | | 2026-06-17 | N/A | 8.8 HIGH |
| An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the Wattsense web interface to be able to conduct this attack. This issue is fixed in recent firmware versions BSP >= 6.1.0. | |||||
| CVE-2025-26350 | 1 Q-free | 1 Maxtime | 2026-06-17 | N/A | 4.9 MEDIUM |
| A CWE-434 "Unrestricted Upload of File with Dangerous Type" in the template file uploads in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to upload malicious files via crafted HTTP requests. | |||||
| CVE-2025-26325 | 1 Shopxo | 1 Shopxo | 2026-06-17 | N/A | 9.8 CRITICAL |
| ShopXO 6.4.0 is vulnerable to File Upload in ThemeDataService.php. | |||||
| CVE-2025-26319 | 1 Flowiseai | 1 Flowise | 2026-06-17 | N/A | 9.8 CRITICAL |
| FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments. | |||||
| CVE-2025-25790 | 1 Foxcms | 1 Foxcms | 2026-06-17 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the component \controller\LocalTemplate.php of FoxCMS v1.2.5 allows attackers to execute arbitrary code via uploading a crafted Zip file. | |||||
| CVE-2025-25784 | 1 Jizhicms | 1 Jizhicms | 2026-06-17 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary code via uploading a crafted Zip file. | |||||
| CVE-2025-25783 | 1 Emlog | 1 Emlog | 2026-06-17 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3 allows attackers to execute arbitrary code via uploading a crafted Zip file. | |||||
| CVE-2025-25361 | 1 Publiccms | 1 Publiccms | 2026-06-17 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the component /cms/CmsWebFileAdminController.java of PublicCMS v4.0.202406 allows attackers to execute arbitrary code via uploading a crafted svg or xml file. | |||||
| CVE-2025-25016 | 1 Elastic | 1 Kibana | 2026-06-17 | N/A | 4.3 MEDIUM |
| Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation. | |||||
| CVE-2025-24862 | 1 Intel | 1 Computing Improvement Program | 2026-06-17 | N/A | 2.0 LOW |
| Unrestricted upload of file with dangerous type for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a privileged user combined with a high complexity attack may enable data manipulation. This result may potentially occur via network access when attack requirements are present with special internal knowledge and requires passive user interaction. The potential vulnerability may impact the confidentiality (none), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |||||
| CVE-2025-24801 | 1 Glpi-project | 1 Glpi | 2026-06-17 | N/A | 8.5 HIGH |
| GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This vulnerability is fixed in 10.0.18. | |||||
| CVE-2025-24775 | | | 2026-06-17 | N/A | 9.9 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms forms-by-made-it allows Upload a Web Shell to a Web Server. This issue affects Forms: from n/a through <= 2.9.0. | |||||
| CVE-2025-24650 | 1 Themefic | 1 Tourfic | 2026-06-17 | N/A | 9.1 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic tourfic allows Upload a Web Shell to a Web Server. This issue affects Tourfic: from n/a through <= 2.15.3. | |||||
| CVE-2025-24505 | | | 2026-06-17 | N/A | N/A |
| This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file. | |||||
| CVE-2025-24489 | | | 2026-06-17 | N/A | 6.3 MEDIUM |
| An attacker could exploit this vulnerability by uploading arbitrary files via a specific service, which could lead to system compromise. | |||||
| CVE-2025-23968 | | | 2026-06-17 | N/A | 9.1 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in WebFactory AiBud WP aibuddy-openai-chatgpt allows Upload a Web Shell to a Web Server. This issue affects AiBud WP: from n/a through <= 1.9. | |||||
| CVE-2025-23953 | | | 2026-06-17 | N/A | 10.0 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Scriptonite user files user-files allows Upload a Web Shell to a Web Server. This issue affects user files: from n/a through <= 2.4.2. | |||||
| CVE-2025-23942 | | | 2026-06-17 | N/A | 9.1 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in ngocuct0912 WP Load Gallery wp-load-gallery allows Upload a Web Shell to a Web Server. This issue affects WP Load Gallery: from n/a through <= 2.1.6. | |||||
| CVE-2025-23921 | | | 2026-06-17 | N/A | 9.0 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in sh1zen Multi Uploader for Gravity Forms gf-multi-uploader allows Upload a Web Shell to a Web Server. This issue affects Multi Uploader for Gravity Forms: from n/a through <= 1.1.3. | |||||
| CVE-2025-23918 | | | 2026-06-17 | N/A | 9.9 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Enrico Sandoli Smallerik File Browser smallerik-file-browser allows Upload a Web Shell to a Web Server. This issue affects Smallerik File Browser: from n/a through <= 1.1. | |||||
