Total
2761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28128 | 1 Ivanti | 1 Avalanche | 2025-01-28 | N/A | 7.2 HIGH |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. | |||||
| CVE-2023-48777 | 1 Elementor | 1 Website Builder | 2025-01-28 | N/A | 9.9 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1. | |||||
| CVE-2016-3088 | 1 Apache | 1 Activemq | 2025-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. | |||||
| CVE-2025-23213 | 2025-01-28 | N/A | 8.7 HIGH | ||
| Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows to upload arbitrary files, including html and svg. Both can contain malicious content (XSS Payloads). This vulnerability is fixed in 1.5.28. | |||||
| CVE-2023-31689 | 1 Wcms | 1 Wcms | 2025-01-28 | N/A | 9.8 CRITICAL |
| In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute scripts to trigger command execution. | |||||
| CVE-2024-13448 | 2025-01-28 | N/A | 9.8 CRITICAL | ||
| The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and including, 2.32.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2023-31903 | 1 Freeguppy | 1 Guppy | 2025-01-27 | N/A | 9.8 CRITICAL |
| GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file. | |||||
| CVE-2023-29930 | 1 Genesys | 1 Tftp Server | 2025-01-27 | N/A | 8.8 HIGH |
| An issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote attacker to execute arbitrary code via the login crednetials to the TFTP server configuration page. | |||||
| CVE-2021-34076 | 1 Phpok | 1 Phpok | 2025-01-27 | N/A | 8.8 HIGH |
| File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload. | |||||
| CVE-2024-55926 | 2025-01-27 | N/A | 6.3 MEDIUM | ||
| A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data | |||||
| CVE-2025-0722 | 2025-01-27 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability classified as critical was found in needyamin image_gallery 1.0. This vulnerability affects unknown code of the file /admin/gallery.php of the component Cover Image Handler. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-0357 | 2025-01-25 | N/A | 9.8 CRITICAL | ||
| The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and including, 1.6.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2022-4774 | 1 Bitapps | 1 Bit Form | 2025-01-24 | N/A | 9.8 CRITICAL |
| The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution. | |||||
| CVE-2023-30247 | 1 Storage Unit Rental Management System Project | 1 Storage Unit Rental Management System | 2025-01-24 | N/A | 9.8 CRITICAL |
| File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter. | |||||
| CVE-2023-29657 | 1 Extplorer | 1 Extplorer | 2025-01-24 | N/A | 8.8 HIGH |
| eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code executions. | |||||
| CVE-2024-13091 | 1 Wpbot | 1 Wpot | 2025-01-24 | N/A | 9.8 CRITICAL |
| The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and including, 13.5.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The exploit requires thee ChatBot Conversational Forms plugin and the Conversational Form Builder Pro addon plugin. | |||||
| CVE-2025-24650 | 2025-01-24 | N/A | 9.1 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a Web Shell to a Web Server. This issue affects Tourfic: from n/a through 2.15.3. | |||||
| CVE-2025-0702 | 2025-01-24 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This vulnerability affects unknown code of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument portraitFile leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | |||||
| CVE-2024-40693 | 2025-01-24 | N/A | 8.0 HIGH | ||
| IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks. | |||||
| CVE-2024-25034 | 2025-01-24 | N/A | 8.0 HIGH | ||
| IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks. | |||||