Total
3031 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43283 | 1 Webassembly | 1 Wabt | 2025-05-08 | 5.5 Medium |
| wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write. | ||||
| CVE-2024-24350 | 1 Softwarepublico | 1 E-sic Livre | 2025-05-08 | 8.8 High |
| File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component. | ||||
| CVE-2024-22515 | 1 Ispyconnect | 1 Agent Dvr | 2025-05-08 | 8.8 High |
| Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component. | ||||
| CVE-2024-1261 | 1 Juanpao | 1 Jpshop | 2025-05-08 | 6.3 Medium |
| A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. This vulnerability affects the function actionIndex of the file /api/controllers/merchant/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253000. | ||||
| CVE-2025-23213 | 1 Tandoor | 1 Recipes | 2025-05-08 | 8.7 High |
| Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows to upload arbitrary files, including html and svg. Both can contain malicious content (XSS Payloads). This vulnerability is fixed in 1.5.28. | ||||
| CVE-2025-28168 | 2025-05-08 | 6.4 Medium | ||
| The Multiple File Upload add-on component 3.1.0 for OutSystems is vulnerable to Unrestricted File Upload. This occurs because file extension and size validations are enforced solely on the client side. An attacker can intercept the upload request and modify a parameter to bypass extension restrictions and upload arbitrary files. NOTE: this is a third-party component that is not supplied or supported by OutSystems. | ||||
| CVE-2024-25925 | 1 Sysbasics | 1 Easy Checkout Field Editor | 2025-05-08 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12. | ||||
| CVE-2024-25913 | 1 Skymoonlabs | 1 Moveto | 2025-05-08 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. | ||||
| CVE-2022-42198 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2025-05-08 | 8.8 High |
| In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload. | ||||
| CVE-2022-31366 | 1 Eve-ng | 1 Eve-ng | 2025-05-08 | 7.2 High |
| An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file. | ||||
| CVE-2025-47549 | 2025-05-08 | 9.1 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF allows Upload a Web Shell to a Web Server. This issue affects BEAF: from n/a through 4.6.10. | ||||
| CVE-2025-47550 | 2025-05-08 | 6.6 Medium | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio allows Upload a Web Shell to a Web Server. This issue affects Instantio: from n/a through 3.3.16. | ||||
| CVE-2022-42201 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2025-05-08 | 7.2 High |
| Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload. | ||||
| CVE-2024-25909 | 1 Joomunited | 1 Wp Media Folder | 2025-05-08 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2. | ||||
| CVE-2024-7399 | 2 Samsung, Samsung Electronics | 2 Magicinfo 9 Server, Magicinfo 9 Server | 2025-05-08 | 8.8 High |
| Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority. | ||||
| CVE-2024-23759 | 1 Gambio | 1 Gambio | 2025-05-07 | 9.8 Critical |
| Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function. | ||||
| CVE-2022-36452 | 1 Mitel | 1 Micollab | 2025-05-07 | 9.8 Critical |
| A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the application. | ||||
| CVE-2022-41711 | 1 Uatech | 1 Badaso | 2025-05-07 | 9.8 Critical |
| Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | ||||
| CVE-2024-1260 | 1 Juanpao | 1 Jpshop | 2025-05-07 | 6.3 Medium |
| A vulnerability classified as critical has been found in Juanpao JPShop up to 1.5.02. This affects the function actionIndex of the file /api/controllers/admin/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252999. | ||||
| CVE-2022-39978 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2025-05-07 | 7.2 High |
| Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. | ||||