Total
1156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27860 | 1 Fatpipeinc | 6 Ipvpn, Ipvpn Firmware, Mpvpn and 3 more | 2025-04-02 | 9.3 HIGH | 9.8 CRITICAL |
| A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006. | |||||
| CVE-2024-25274 | 1 Xxyopen | 1 Novel-plus | 2025-04-02 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2024-22824 | 1 Auntvt | 1 Timo | 2025-04-02 | N/A | 9.8 CRITICAL |
| An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component. | |||||
| CVE-2022-40037 | 1 Javaweb Blog Project | 1 Javaweb Blog | 2025-04-02 | N/A | 9.8 CRITICAL |
| An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to escalate privileges and execute arbitrary commands via the component /upFile. | |||||
| CVE-2024-57169 | 1 Soplanning | 1 Soplanning | 2025-04-02 | N/A | 9.8 CRITICAL |
| A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php. This vulnerability allows remote attackers to bypass upload restrictions and potentially achieve remote code execution by uploading malicious files. | |||||
| CVE-2024-8958 | 1 Composio | 1 Composio | 2025-04-01 | N/A | 9.8 CRITICAL |
| In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution. | |||||
| CVE-2024-29661 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 9.8 CRITICAL |
| A File Upload vulnerability in DedeCMS v5.7 allows a local attacker to execute arbitrary code via a crafted payload. | |||||
| CVE-2024-35375 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 9.8 CRITICAL |
| There is an arbitrary file upload vulnerability on the media add .php page in the backend of the website in version 5.7.114 of DedeCMS | |||||
| CVE-2024-35510 | 1 Dedecms | 1 Dedecms | 2025-04-01 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
| CVE-2025-29411 | 1 Martmbithi | 1 Ibanking | 2025-03-28 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2024-3863 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-03-28 | N/A | 9.8 CRITICAL |
| The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. | |||||
| CVE-2024-27747 | 1 Mayurik | 1 Petrol Pump Management | 2025-03-28 | N/A | 9.8 CRITICAL |
| File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component. | |||||
| CVE-2023-24202 | 1 Oretnom23 | 1 Raffle Draw System | 2025-03-26 | N/A | 9.8 CRITICAL |
| Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php. | |||||
| CVE-2023-5601 | 1 Atomicwebstrategy | 1 Woocommerce Ninja Forms Product Add-ons | 2025-03-25 | N/A | 9.8 CRITICAL |
| The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE. | |||||
| CVE-2022-45527 | 1 Institutional Management Website Project | 1 Institutional Management Website | 2025-03-25 | N/A | 9.8 CRITICAL |
| File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory. | |||||
| CVE-2023-24646 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-03-21 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2023-47873 | 1 Wensolutions | 1 Wp Child Theme Generator | 2025-03-19 | N/A | 9.1 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator: from n/a through 1.0.9. | |||||
| CVE-2023-47846 | 1 Terryl | 1 Wp Githuber Md | 2025-03-19 | N/A | 9.1 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD.This issue affects WP Githuber MD: from n/a through 1.16.2. | |||||
| CVE-2023-38388 | 1 Artbees | 1 Jupiter X Core | 2025-03-19 | N/A | 9.0 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from n/a through 3.3.5. | |||||
| CVE-2021-35261 | 1 Bearadmin Project | 1 Bearadmin | 2025-03-18 | N/A | 9.8 CRITICAL |
| File Upload Vulnerability in Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075 allows attacker to execute arbitrary remote code via the Upfile function of the extend/tools/Ueditor endpoint. | |||||