Total: 3100 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-7399 | 2 Samsung, Samsung Electronics | 2 Magicinfo 9 Server, Magicinfo 9 Server | 2025-05-08 | 8.8 High |
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server versions before 21.1050 allows attackers to write arbitrary files with system authority. | ||||
CVE-2024-23759 | 1 Gambio | 1 Gambio | 2025-05-07 | 9.8 Critical |
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via the "search" parameter of the "Parcelshopfinder/AddAddressBookEntry" function. | ||||
CVE-2022-36452 | 1 Mitel | 1 Micollab | 2025-05-07 | 9.8 Critical |
A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the application. | ||||
CVE-2022-41711 | 1 Uatech | 1 Badaso | 2025-05-07 | 9.8 Critical |
Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | ||||
CVE-2024-1260 | 1 Juanpao | 1 Jpshop | 2025-05-07 | 6.3 Medium |
A vulnerability classified as critical has been found in Juanpao JPShop up to 1.5.02. This affects the function actionIndex of the file /api/controllers/admin/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252999. | ||||
CVE-2022-39978 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2025-05-07 | 7.2 High |
Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. | ||||
CVE-2022-39977 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2025-05-07 | 7.2 High |
Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. | ||||
CVE-2025-0471 | 1 Sigb | 1 Pmb | 2025-05-07 | 9.9 Critical |
Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker to upload a file to gain remote access to the machine, being able to access, modify and execute commands freely. | ||||
CVE-2025-0472 | 1 Sigb | 1 Pmb | 2025-05-07 | 7.5 High |
Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and enumerate the internal files of a machine by looking at the request response. | ||||
CVE-2022-43231 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-05-07 | 7.2 High |
Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-42189 | 1 Emlog | 1 Emlog | 2025-05-07 | 7.2 High |
Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability. | ||||
CVE-2022-43275 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-05-07 | 7.2 High |
Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2025-4305 | | | 2025-05-07 | 6.3 Medium |
A vulnerability has been found in kefaming mayi up to 1.3.9 and classified as critical. This vulnerability affects the function Upload of the file app/tools/controller/File.php. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-4291 | | | 2025-05-07 | 6.3 Medium |
A vulnerability, which was classified as critical, was found in IdeaCMS up to 1.6. Affected is the function saveUpload. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-0984 | | | 2025-05-07 | 8.2 High |
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netoloji Software E-Flow allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS, File Content Injection. This issue affects E-Flow: before 3.23.00. | ||||
CVE-2025-4333 | | | 2025-05-07 | 6.3 Medium |
A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm up to 0.0.1. It has been classified as critical. This affects the function uploadFile of the file src/main/java/com/megagao/production/ssm/service/impl/FileServiceImpl.java. The manipulation of the argument uploadFile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names. | ||||
CVE-2024-48594 | 2 Fast5, Sourcecodester | 2 Prison Management System, Prison Management System | 2025-05-06 | 8.8 High |
File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the file upload component. | ||||
CVE-2025-31324 | 1 Sap | 1 Netweaver | 2025-05-06 | 10 Critical |
SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system. | ||||
CVE-2022-41681 | 1 Formalms | 1 Formalms | 2025-05-06 | 9.9 Critical |
There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection. | ||||
CVE-2022-42925 | 1 Formalms | 1 Formalms | 2025-05-06 | 9.9 Critical |
There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection. |