Total
1152 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-48202 | 1 Thecosy | 1 Icecms | 2025-04-18 | N/A | 9.8 CRITICAL |
| icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploadFile. | |||||
| CVE-2024-2599 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-17 | N/A | 9.9 CRITICAL |
| File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure. | |||||
| CVE-2025-27282 | 2025-04-17 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in rockgod100 Theme File Duplicator allows Using Malicious Files. This issue affects Theme File Duplicator: from n/a through 1.3. | |||||
| CVE-2025-32660 | 2025-04-17 | N/A | 10.0 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through 2.0.2. | |||||
| CVE-2025-32652 | 2025-04-17 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in solacewp Solace Extra allows Using Malicious Files. This issue affects Solace Extra: from n/a through 1.3.1. | |||||
| CVE-2025-39436 | 2025-04-17 | N/A | 9.1 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw allows Using Malicious Files. This issue affects I Draw: from n/a through 1.0. | |||||
| CVE-2025-32682 | 2025-04-17 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG Lite allows Upload a Web Shell to a Web Server. This issue affects MapSVG Lite: from n/a through 8.5.34. | |||||
| CVE-2023-52044 | 1 Std42 | 1 Elfinder | 2025-04-17 | N/A | 9.8 CRITICAL |
| Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension. | |||||
| CVE-2024-46377 | 1 Mayurik | 1 Best House Rental Management System | 2025-04-16 | N/A | 9.8 CRITICAL |
| Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php. | |||||
| CVE-2024-31615 | 1 Thinkcmf | 1 Thinkcmf | 2025-04-16 | N/A | 9.8 CRITICAL |
| ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php. | |||||
| CVE-2023-42286 | 1 Eyoucms | 1 Eyoucms | 2025-04-16 | N/A | 9.8 CRITICAL |
| There is a PHP file inclusion vulnerability in the template configuration of eyoucms v1.6.4, allowing attackers to execute code or system commands through a carefully crafted malicious payload. | |||||
| CVE-2025-39557 | 2025-04-16 | N/A | 9.1 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Ben Ritner - Kadence WP Kadence WooCommerce Email Designer allows Upload a Web Shell to a Web Server. This issue affects Kadence WooCommerce Email Designer: from n/a through 1.5.14. | |||||
| CVE-2025-26927 | 2025-04-16 | N/A | 10.0 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in EPC AI Hub allows Upload a Web Shell to a Web Server. This issue affects AI Hub: from n/a through 1.3.3. | |||||
| CVE-2024-56975 | 1 Invoiceplane | 1 Invoiceplane | 2025-04-14 | N/A | 9.8 CRITICAL |
| InvoicePlane (all versions tested as of December 2024) v.1.6.11 and before contains a remote code execution vulnerability in the upload_file method of the Upload controller. | |||||
| CVE-2024-54918 | 1 Lopalopa | 1 E-learning Management System | 2025-04-14 | N/A | 9.8 CRITICAL |
| Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php. | |||||
| CVE-2016-5050 | 1 Readydesk | 1 Readydesk | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary code by uploading and requesting a .aspx file. | |||||
| CVE-2016-7095 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution. | |||||
| CVE-2016-3088 | 1 Apache | 1 Activemq | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. | |||||
| CVE-2015-1000000 | 1 Mailcwp Project | 1 Mailcwp | 2025-04-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| Remote file upload vulnerability in mailcwp v1.99 wordpress plugin | |||||
| CVE-2015-1000001 | 1 Fast-image-adder Project | 1 Fast-image-adder | 2025-04-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin | |||||