Total
3558 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-7063 | 1 Widzialni | 1 Pad Cms | 2025-11-26 | N/A | 9.8 CRITICAL |
| Due to client-controlled permission check parameter, PAD CMS's file upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed leading to Remote Code Execution. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and producent will not publish patches for this vulnerability. | |||||
| CVE-2025-7065 | 1 Widzialni | 1 Pad Cms | 2025-11-26 | N/A | 9.8 CRITICAL |
| Due to client-controlled permission check parameter, PAD CMS's photo upload functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed leading to Remote Code Execution. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and producent will not publish patches for this vulnerability. | |||||
| CVE-2025-8120 | 1 Widzialni | 1 Pad Cms | 2025-11-26 | N/A | 9.8 CRITICAL |
| Due to client-controlled permission check parameter, PAD CMS's upload photo functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can then be executed leading to Remote Code Execution.This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and producent will not publish patches for this vulnerability. | |||||
| CVE-2013-10044 | 1 Open-emr | 1 Openemr | 2025-11-26 | N/A | 8.8 HIGH |
| An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and its host system. | |||||
| CVE-2025-12973 | 2025-11-25 | N/A | 7.2 HIGH | ||
| The S2B AI Assistant – ChatBot, ChatGPT, OpenAI, Content & Image Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeFile() function in all versions up to, and including, 1.7.8. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2025-13376 | 2025-11-25 | N/A | 7.2 HIGH | ||
| The ProjectList plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 0.3.0. This makes it possible for authenticated attackers, with Editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2023-7330 | 2025-11-25 | N/A | N/A | ||
| Ruijie NBR series routers contain an unauthenticated arbitrary file upload vulnerability via /ddi/server/fileupload.php. The endpoint accepts attacker-supplied values in the name and uploadDir parameters and saves the provided multipart file content without adequate validation or sanitization of file type, path, or extension. A remote attacker can upload a crafted PHP file and then access it from the web root, resulting in arbitrary code execution in the context of the web service. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-14 UTC. | |||||
| CVE-2025-13411 | 1 Campcodes | 1 Retro Basketball Shoes Online Store | 2025-11-24 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_football.php. Performing manipulation of the argument product_image results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | |||||
| CVE-2021-4462 | 1 Skittles | 1 Employee Records System | 2025-11-24 | N/A | 9.8 CRITICAL |
| Employee Records System version 1.0 contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload arbitrary files via the uploadID.php endpoint; uploaded files can be executed because the application does not perform proper server-side validation. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC. | |||||
| CVE-2024-8164 | 1 Beikeshop | 1 Beikeshop | 2025-11-24 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in Chengdu Everbrite Network Technology BeikeShop up to 1.5.5. This affects the function rename of the file /Admin/Http/Controllers/FileManagerController.php. This manipulation of the argument new_name causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.6.0 is able to mitigate this issue. The affected component should be upgraded. | |||||
| CVE-2025-13185 | 1 Bdtask | 1 News365 | 2025-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
| A security flaw has been discovered in Bdtask/CodeCanyon News365 up to 7.0.3. This affects an unknown function of the file /admin/dashboard/profile. The manipulation of the argument profile_image/banner_image results in unrestricted upload. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-13238 | 1 Bdtask | 1 Flight Booking Software | 2025-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A weakness has been identified in Bdtask Flight Booking Software 4. Affected by this vulnerability is an unknown functionality of the file /agent/profile/edit of the component Edit Profile Page. This manipulation causes unrestricted upload. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-12223 | 1 Bdtask | 1 Flight Booking Software | 2025-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in Bdtask Flight Booking Software up to 3.1. This affects an unknown part of the file /b2c/package-information of the component Package Information Module. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-12222 | 1 Bdtask | 1 Flight Booking Software | 2025-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A security vulnerability has been detected in Bdtask Flight Booking Software up to 3.1. Affected by this issue is some unknown functionality of the file /admin/transaction/deposit of the component Deposit Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-13423 | 1 Campcodes | 1 Retro Basketball Shoes Online Store | 2025-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
| A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_product.php. Executing manipulation of the argument product_image can lead to unrestricted upload. The attack may be launched remotely. The exploit has been published and may be used. | |||||
| CVE-2025-41735 | 1 Metz-connect | 6 Ewio2-bm, Ewio2-bm Firmware, Ewio2-m and 3 more | 2025-11-21 | N/A | 8.8 HIGH |
| A low privileged remote attacker can upload any file to an arbitrary location due to missing file check resulting in remote code execution. | |||||
| CVE-2025-64176 | 1 Matiasdesuu | 1 Thinkdashboard | 2025-11-21 | N/A | 5.3 MEDIUM |
| ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, an attacker can upload any file they wish to the /data directory of the web application via the backup import feature. When importing a backup, an attacker can first choose a .zip file to bypass the client-side file-type verification. This could lead to stored XSS, or be used for other nefarious purposes such as malware distribution. This issue is fixed in version 0.6.8. | |||||
| CVE-2025-12862 | 1 Projectworlds | 1 Online Notes Sharing Platform | 2025-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was identified in projectworlds Online Notes Sharing Platform 1.0. Affected by this issue is some unknown functionality of the file /dashboard/userprofile.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be performed from remote. The exploit is publicly available and might be used. | |||||
| CVE-2025-64759 | 2025-11-21 | N/A | 8.1 HIGH | ||
| Homarr is an open-source dashboard. Prior to version 1.43.3, stored XSS vulnerability exists, allowing the execution of arbitrary JavaScript in a user's browser, with minimal or no user interaction required, due to the rendering of a malicious uploaded SVG file. This could be abused to add an attacker's account to the "credentials-admin" group, giving them full administrative access, if a user logged in as an administrator was to view the page which renders or redirects to the SVG. This issue has been patched in version 1.43.3. | |||||
| CVE-2025-0645 | 2025-11-21 | N/A | 7.2 HIGH | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Narkom Communication and Software Technologies Trade Ltd. Co. Pyxis Signage allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Pyxis Signage: through 31012025. | |||||