Total: 1152 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-35080 | 1 Inxedu | 1 Inxedu | 2025-06-20 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the gok4 method of inxedu v2024.4 allows attackers to execute arbitrary code via uploading a crafted .jsp file. | |||||
CVE-2024-35570 | 1 Inxedu | 1 Inxedu | 2025-06-20 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the component \controller\ImageUploadController.class of inxedu v2.0.6 allows attackers to execute arbitrary code via uploading a crafted jsp file. | |||||
CVE-2023-51925 | 1 Yonyou | 1 Yonbip | 2025-06-20 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
CVE-2021-31314 | 1 Ejinshan | 1 Terminal Security System | 2025-06-20 | N/A | 9.8 CRITICAL |
File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server. | |||||
CVE-2024-31777 | 1 Openeclass | 1 Openeclass | 2025-06-18 | N/A | 9.8 CRITICAL |
File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php endpoint. | |||||
CVE-2025-47559 | | | 2025-06-17 | N/A | 9.9 CRITICAL |
Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server. This issue affects MapSVG: from n/a through 8.5.32. | |||||
CVE-2025-47452 | | | 2025-06-17 | N/A | 9.9 CRITICAL |
Unrestricted Upload of File with Dangerous Type vulnerability in RexTheme WP VR allows Upload a Web Shell to a Web Server. This issue affects WP VR: from n/a through 8.5.26. | |||||
CVE-2025-49444 | | | 2025-06-17 | N/A | 10.0 CRITICAL |
Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor allows Upload a Web Shell to a Web Server. This issue affects Reformer for Elementor: from n/a through 1.0.5. | |||||
CVE-2025-49447 | | | 2025-06-17 | N/A | 10.0 CRITICAL |
Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu: from n/a through 6.0.0. | |||||
CVE-2025-49071 | | | 2025-06-17 | N/A | 10.0 CRITICAL |
Unrestricted Upload of File with Dangerous Type vulnerability in NasaTheme Flozen allows Upload a Web Shell to a Web Server. This issue affects Flozen: from n/a through n/a. | |||||
CVE-2024-34982 | 1 Lylme | 1 Lylme Spage | 2025-06-17 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
CVE-2024-28441 | 1 Magicflue | 1 Magicflue | 2025-06-17 | N/A | 9.8 CRITICAL |
File Upload vulnerability in magicflue v.7.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the messageid parameter of the mail/mailupdate.jsp endpoint. | |||||
CVE-2023-51928 | 1 Yonyou | 1 Yonbip | 2025-06-16 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
CVE-2023-51924 | 1 Yonyou | 1 Yonbip | 2025-06-16 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
CVE-2025-32291 | | | 2025-06-12 | N/A | 10.0 CRITICAL |
Unrestricted Upload of File with Dangerous Type vulnerability in FantasticPlugins SUMO Affiliates Pro allows Using Malicious Files. This issue affects SUMO Affiliates Pro: from n/a through 10.7.0. | |||||
CVE-2024-24025 | 1 Xxyopen | 1 Novel-plus | 2025-06-12 | N/A | 9.8 CRITICAL |
An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in a specially crafted filename parameter to perform arbitrary File download. | |||||
CVE-2024-24000 | 1 Huaxiaerp | 1 Jsherp | 2025-06-12 | N/A | 9.8 CRITICAL |
jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths. | |||||
CVE-2024-26503 | 1 Openeclass | 1 Openeclass | 2025-06-10 | N/A | 9.1 CRITICAL |
Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint. | |||||
CVE-2025-48471 | 1 Freescout | 1 Freescout | 2025-06-10 | N/A | 9.8 CRITICAL |
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, the application does not check or performs insufficient checking of files uploaded to the application. This allows files to be uploaded with the phtml and phar extensions, which can lead to remote code execution if the Apache web server is used. This issue has been patched in version 1.8.179. | |||||
CVE-2024-32514 | 1 Infotheme | 1 Wp Poll Maker | 2025-06-09 | N/A | 9.9 CRITICAL |
Unrestricted Upload of File with Dangerous Type vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker. This issue affects WP Poll Maker: from n/a through 3.4. |