Total
3127 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29661 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 9.8 Critical |
| A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload. | ||||
| CVE-2024-35375 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 9.8 Critical |
| There is an arbitrary file upload vulnerability on the media add .php page in the backend of the website in version 5.7.114 of DedeCMS | ||||
| CVE-2024-35510 | 1 Dedecms | 1 Dedecms | 2025-04-01 | 9.8 Critical |
| An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2022-40035 | 1 Blog-ssm Project | 1 Blog-ssm | 2025-04-01 | 8.8 High |
| File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component. | ||||
| CVE-2024-25869 | 1 Codeastro | 1 Membership Management System | 2025-04-01 | 8.8 High |
| An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the settings.php component. | ||||
| CVE-2022-41217 | 1 Hybridsoftware | 1 Cloudflow | 2025-04-01 | 9.8 Critical |
| Cloudflow contains a unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage. | ||||
| CVE-2024-46373 | 1 Dedecms | 1 Dedecms | 2025-03-31 | 8.8 High |
| Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend. | ||||
| CVE-2023-0455 | 1 Bumsys Project | 1 Bumsys | 2025-03-31 | 8.8 High |
| Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.3-beta. | ||||
| CVE-2025-29411 | 1 Martmbithi | 1 Ibanking | 2025-03-28 | 9.8 Critical |
| An arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2024-3863 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-03-28 | 9.8 Critical |
| The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. | ||||
| CVE-2022-48008 | 1 Limesurvey | 1 Limesurvey | 2025-03-28 | 9.8 Critical |
| An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-48006 | 1 Taogogo | 1 Taocms | 2025-03-28 | 9.8 Critical |
| An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php. | ||||
| CVE-2024-27747 | 1 Mayurik | 1 Petrol Pump Management | 2025-03-28 | 9.8 Critical |
| File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component. | ||||
| CVE-2024-47259 | 2025-03-28 | 3.5 Low | ||
| Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files to the Axis device with the purpose to exhaust system resources. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2022-43979 | 1 Pandorafms | 1 Pandora Fms | 2025-03-27 | 5.9 Medium |
| There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characteres, but this check is insufficient. An attacker could insert an absolute path to overcome the heck, thus being able to incluse any PHP file that resides on the disk. The exploitation of this vulnerability could lead to a remote code execution. | ||||
| CVE-2024-24146 | 1 Libming | 1 Libming | 2025-03-27 | 6.5 Medium |
| A memory leak issue discovered in parseSWF_DEFINEBUTTON in libming v0.4.8 allows attackers to cause s denial of service via a crafted SWF file. | ||||
| CVE-2022-47854 | 1 I-librarian | 1 I-librarian | 2025-03-27 | 9.8 Critical |
| i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplement.php. | ||||
| CVE-2025-2687 | 1 Phpgurukul | 1 Elearning System | 2025-03-27 | 6.3 Medium |
| A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0. Affected is an unknown function of the file /user/index.php of the component Image Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2748 | 2025-03-27 | 6.5 Medium | ||
| The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178. | ||||
| CVE-2025-2749 | 2025-03-27 | 7.2 High | ||
| An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code execution.This issue affects Kentico Xperience through 13.0.178. | ||||