Total
2952 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1002001 | 1 Mobile-app-builder-by-wappress Project | 1 Mobile-app-builder-by-wappress | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com. | |||||
| CVE-2017-15673 | 1 Cs-cart | 1 Cs-cart | 2025-04-20 | 9.0 HIGH | 7.2 HIGH |
| The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page. | |||||
| CVE-2017-6104 | 1 Zen Mobile App Native Project | 1 Zen Mobile App Native | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0. | |||||
| CVE-2017-15957 | 1 Ingenious School Management System Project | 1 Ingenious School Management System | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file. | |||||
| CVE-2017-12678 | 2 Debian, Taglib | 2 Debian Linux, Taglib | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. | |||||
| CVE-2017-2737 | 1 Huawei | 2 Vcm5010, Vcm5010 Firmware | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system. | |||||
| CVE-2017-13156 | 1 Google | 1 Android | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847. | |||||
| CVE-2017-1002016 | 1 Flickr Picture Backup Project | 1 Flickr Picture Backup | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code in flickr-picture-download.php doesn't check to see if the user is authenticated or that they have permission to upload files. | |||||
| CVE-2020-22539 | 1 Codologic | 1 Codoforum | 2025-04-18 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-32161 | 1 Jizhicms | 1 Jizhicms | 2025-04-18 | N/A | 9.8 CRITICAL |
| jizhiCMS 2.5 suffers from a File upload vulnerability. | |||||
| CVE-2024-31351 | 1 Copymatic | 1 Copymatic | 2025-04-18 | N/A | 10.0 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6. | |||||
| CVE-2024-48202 | 1 Thecosy | 1 Icecms | 2025-04-18 | N/A | 9.8 CRITICAL |
| icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploadFile. | |||||
| CVE-2023-50692 | 1 Jizhicms | 1 Jizhicms | 2025-04-17 | N/A | 8.8 HIGH |
| File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory. | |||||
| CVE-2024-2599 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-17 | N/A | 9.9 CRITICAL |
| File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure. | |||||
| CVE-2025-27282 | 2025-04-17 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in rockgod100 Theme File Duplicator allows Using Malicious Files. This issue affects Theme File Duplicator: from n/a through 1.3. | |||||
| CVE-2025-31339 | 2025-04-17 | N/A | N/A | ||
| An unrestricted upload of file with dangerous type vulnerability in the course management function of Wisdom Master Pro versions 5.0 through 5.2 allows remote authenticated users to craft a malicious file. | |||||
| CVE-2025-32682 | 2025-04-17 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG Lite allows Upload a Web Shell to a Web Server. This issue affects MapSVG Lite: from n/a through 8.5.34. | |||||
| CVE-2025-39436 | 2025-04-17 | N/A | 9.1 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw allows Using Malicious Files. This issue affects I Draw: from n/a through 1.0. | |||||
| CVE-2025-32652 | 2025-04-17 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in solacewp Solace Extra allows Using Malicious Files. This issue affects Solace Extra: from n/a through 1.3.1. | |||||
| CVE-2025-32660 | 2025-04-17 | N/A | 10.0 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through 2.0.2. | |||||