Total
3572 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2748 | 1 Kentico | 1 Xperience | 2025-11-19 | 6.5 Medium |
| The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178. | ||||
| CVE-2025-2749 | 1 Kentico | 1 Xperience | 2025-11-19 | 7.2 High |
| An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code execution.This issue affects Kentico Xperience through 13.0.178. | ||||
| CVE-2025-12974 | 2 Gravityforms, Wordpress | 2 Gravity Forms, Wordpress | 2025-11-19 | 8.1 High |
| The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through the chunked upload mechanism. This makes it possible for unauthenticated attackers to upload executable .phar files and achieve remote code execution on the server, granted they can discover or enumerate the upload path. In order for an attacker to achieve RCE, the web server needs to be set up to process .phar file as PHP via file handler mapping or similar. | ||||
| CVE-2025-34097 | 1 Processmaker | 1 Processmaker | 2025-11-19 | N/A |
| An unrestricted file upload vulnerability exists in ProcessMaker versions prior to 3.5.4 due to improper handling of uploaded plugin archives. An attacker with administrative privileges can upload a malicious .tar plugin file containing arbitrary PHP code. Upon installation, the plugin’s install() method is invoked, resulting in execution of attacker-supplied PHP code on the server with the privileges of the web server user. This vulnerability can be chained with CVE-2022-38577 — a privilege escalation flaw in the user profile page — to achieve full remote code execution from a low-privileged account. | ||||
| CVE-2025-34086 | 2 Bolt, Boltcms | 2 Bolt Cms, Bolt | 2025-11-19 | 8.8 High |
| Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend templates. The attacker can then list and rename cached session files via the /async/browse/cache/.sessions and /async/folder/rename endpoints. By renaming a .session file to a path under the publicly accessible /files/ directory with a .php extension, the attacker can turn the injected code into an executable web shell. Finally, the attacker triggers the payload via a crafted HTTP GET request to the rogue file. NOTE: The vendor announced that Bolt 3 reached end-of-life after 31 December 2021. | ||||
| CVE-2025-63678 | 1 Cms Made Simple | 1 Cms Made Simple | 2025-11-19 | 3.8 Low |
| An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2025-12528 | 2 Genetechproducts, Wordpress | 2 Pie Forms, Wordpress | 2025-11-19 | 8.1 High |
| The Pie Forms for WP plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.6 via the format_classic function. This is due to insufficient file type validation where the validate_classic method validates file extensions and sets error messages but does not prevent the file upload process from continuing. This makes it possible for unauthenticated attackers to upload files with dangerous extensions such as PHP, which makes remote code execution possible. In order to exploit this vulnerability, the attacker needs to guess the directory in which the file is placed (which is a somewhat predictable hash). In addition to that, the file name is generated using a secure hash method, limiting the exploitability of this vulnerability. | ||||
| CVE-2025-13069 | 2 Ideastocode, Wordpress | 2 Enable Svg, Webp & Ico Upload, Wordpress | 2025-11-19 | 8.8 High |
| The Enable SVG, WebP, and ICO Upload plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.1.2. This is due to insufficient file type validation detecting ICO files, allowing double extension files with the appropriate magic bytes to bypass sanitization while being accepted as a valid ICO file. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2025-34299 | 1 Monstaftp | 1 Monsta Ftp | 2025-11-19 | N/A |
| Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious (S)FTP server. | ||||
| CVE-2025-12775 | 1 Wordpress | 1 Wordpress | 2025-11-18 | 8.8 High |
| The WP Dropzone plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 1.1.0 via the `ajax_upload_handle` function. This is due to the chunked upload functionality writing files directly to the uploads directory before any file type validation occurs. This makes it possible for authenticated attackers, with subscriber level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2021-25780 | 1 Janobe | 1 Baby Care System | 2025-11-18 | 7.2 High |
| An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by an remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell. | ||||
| CVE-2025-2396 | 1 Edetw | 1 U-office Force | 2025-11-18 | 8.8 High |
| The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. | ||||
| CVE-2025-13198 | 1 Douphp | 1 Douphp | 2025-11-18 | 4.7 Medium |
| A vulnerability has been found in DouPHP up to 1.8 Release 20251022. This impacts an unknown function of the file upload/include/file.class.php. The manipulation of the argument File leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-13275 | 1 Iqbolshoh | 1 Php-business-website | 2025-11-18 | 4.7 Medium |
| A security vulnerability has been detected in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. This affects an unknown part of the file /admin/about.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | ||||
| CVE-2025-13249 | 1 Jiusi | 1 Jiusi Oa | 2025-11-18 | 6.3 Medium |
| A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-34222 | 1 Vasion | 2 Virtual Appliance Application, Virtual Appliance Host | 2025-11-17 | 9.1 Critical |
| Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose four admin routes – /admin/hp/cert_upload, /admin/hp/cert_delete, /admin/certs/ca, and /admin/certs/serviceclients/{scid} – without any authentication check. The routes are defined in the /var/www/app/routes/web.php file inside the printercloud/pi Docker container and are handled by the HPCertificateController class, which performs no user validation. An unauthenticated attacker can therefore upload a new TLS/SSL certificate replacing the trusted root used by the appliance, delete an existing certificate causing immediate loss of trust for services that rely on it, or download any stored CA or client certificate via the service‑clients endpoint which also suffers an IDOR that allows enumeration of all client IDs. This vulnerability has been identified by the vendor as: V-2024-028 — Unauthenticated Admin APIs Used to Modify SSL Certificates. | ||||
| CVE-2025-34195 | 3 Microsoft, Printerlogic, Vasion | 5 Windows, Vasion Print, Virtual Appliance and 2 more | 2025-11-17 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (Windows client deployments) contain a remote code execution vulnerability during driver installation caused by unquoted program paths. The PrinterInstallerClient driver-installation component launches programs using an unquoted path under "C:\Program Files (x86)\Printer Properties Pro\Printer Installer". Because the path is unquoted, the operating system may execute a program located at a short-path location such as C:\Program.exe before the intended binaries in the quoted path. If an attacker can place or cause a program to exist at that location, it will be executed with the privileges of the installer process (which may be elevated), enabling arbitrary code execution and potential privilege escalation. This weakness can be used to achieve remote code execution and full compromise of affected Windows endpoints. This vulnerability has been identified by the vendor as: V-2022-006 — Driver Upload Security. | ||||
| CVE-2022-44760 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | 4.6 Medium |
| Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications. | ||||
| CVE-2025-20375 | 1 Cisco | 1 Unified Contact Center Express | 2025-11-17 | 6.5 Medium |
| A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by uploading a crafted file to the web UI. A successful exploit could allow the attacker to upload arbitrary files to a vulnerable system and execute them, gaining access to the underlying operating system. To exploit this vulnerability, the attacker must have valid administrative credentials. | ||||
| CVE-2025-20376 | 1 Cisco | 1 Unified Contact Center Express | 2025-11-17 | 6.5 Medium |
| A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an insufficient input validation associated to file upload mechanisms. An attacker could exploit this vulnerability by uploading a malicious file to the web UI and executing it. A successful exploit could allow the attacker to execute arbitrary commands on the underlying system and elevate privileges to root. To exploit this vulnerability, the attacker must have valid administrative credentials. | ||||