Total
1152 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24650 | 1 Themefic | 1 Tourfic | 2025-06-09 | N/A | 9.1 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a Web Shell to a Web Server. This issue affects Tourfic: from n/a through 2.15.3. | |||||
| CVE-2025-45854 | 1 Jehc | 1 Jehc-bpm | 2025-06-09 | N/A | 10.0 CRITICAL |
| /server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams. | |||||
| CVE-2025-3835 | 2025-06-09 | N/A | 9.6 CRITICAL | ||
| Zohocorp ManageEngine Exchange Reporter Plus versions 5721 and prior are vulnerable to Remote code execution in the Content Search module. | |||||
| CVE-2024-48760 | 1 Gestioip | 1 Gestioip | 2025-06-06 | N/A | 9.8 CRITICAL |
| An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution. | |||||
| CVE-2024-42563 | 1 Jerryhanjj | 1 Erp | 2025-06-05 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file. | |||||
| CVE-2024-10627 | 1 Vanquish | 1 Woocommerce Support Ticket System | 2025-06-05 | N/A | 9.8 CRITICAL |
| The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2025-47577 | 2025-06-05 | N/A | 10.0 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a before 2.10.0. | |||||
| CVE-2024-40744 | 1 Convert Forms Project | 1 Convert Forms | 2025-06-04 | N/A | 9.8 CRITICAL |
| Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8. | |||||
| CVE-2022-38887 | 1 D8s-python Project | 1 D8s-python | 2025-06-03 | N/A | 9.8 CRITICAL |
| The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The democritus-strings package. The affected version is 0.1.0. | |||||
| CVE-2023-50982 | 1 Studip | 1 Stud.ip | 2025-06-03 | N/A | 9.0 CRITICAL |
| Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7, and 5.0.9. | |||||
| CVE-2023-27168 | 1 Xpand-it | 1 Write-back Manager | 2025-06-02 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file. | |||||
| CVE-2024-6366 | 1 Cozmoslabs | 1 Profile Builder | 2025-05-30 | N/A | 9.1 CRITICAL |
| The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP. | |||||
| CVE-2023-41505 | 1 Code-projects | 1 Student Enrollment | 2025-05-28 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2022-32176 | 1 Gin-vue-admin Project | 1 Gin-vue-admin | 2025-05-27 | N/A | 9.0 CRITICAL |
| In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the "Compress Upload" functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin's cookie leading to account takeover. | |||||
| CVE-2022-38916 | 1 Pagekit | 1 Pagekit | 2025-05-27 | N/A | 9.8 CRITICAL |
| A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files | |||||
| CVE-2022-40087 | 1 Simple College Website Project | 1 Simple College Website | 2025-05-27 | N/A | 9.8 CRITICAL |
| Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents(). This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2025-46490 | 2025-05-23 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in wordwebsoftware Crossword Compiler Puzzles allows Upload a Web Shell to a Web Server. This issue affects Crossword Compiler Puzzles: from n/a through 5.2. | |||||
| CVE-2025-47663 | 2025-05-23 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server. This issue affects Hospital Management System: from 47.0(20 through 11. | |||||
| CVE-2025-31916 | 2025-05-23 | N/A | 9.0 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium allows Upload a Web Shell to a Web Server. This issue affects JP Students Result Management System Premium: from 1.1.7 through n/a. | |||||
| CVE-2025-47641 | 2025-05-23 | N/A | 10.0 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through 2.3.8. | |||||