Total
3427 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-3324 | 1 Godcheese | 1 Nimrod | 2025-04-07 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in godcheese/code-projects Nimrod 0.8. Affected by this issue is some unknown functionality of the file FileRestController.java. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-20296 | 1 Cisco | 1 Identity Services Engine | 2025-04-07 | N/A | 4.7 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin credentials on the affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root. | |||||
| CVE-2025-3169 | 2025-04-07 | 4.6 MEDIUM | 5.0 MEDIUM | ||
| A vulnerability was found in Projeqtor up to 12.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tool/saveAttachment.php. The manipulation of the argument attachmentFiles leads to unrestricted upload. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 12.0.3 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains, that "this vulnerability can be exploited only on not securely installed instances, as it is adviced during product install: attachment directory should be out of web reach, so that even if executable file can be uploaded, it cannot be executed through the web." | |||||
| CVE-2025-32118 | 2025-04-07 | N/A | 9.1 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance allows Using Malicious Files. This issue affects CMP – Coming Soon & Maintenance: from n/a through 4.1.13. | |||||
| CVE-2024-31012 | 1 Sem-cms | 1 Semcms | 2025-04-04 | N/A | 9.8 CRITICAL |
| An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file. | |||||
| CVE-2023-22851 | 1 Tiki | 1 Tiki | 2025-04-04 | N/A | 7.2 HIGH |
| Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call. | |||||
| CVE-2024-34440 | 1 Meowapps | 1 Ai Engine | 2025-04-04 | N/A | 9.1 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.2.63. | |||||
| CVE-2024-31610 | 1 Code-projects | 1 Simple School Management System | 2025-04-04 | N/A | 6.3 MEDIUM |
| File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted file. | |||||
| CVE-2024-28890 | 1 Incsub | 1 Forminator | 2025-04-04 | N/A | 5.3 MEDIUM |
| Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service (DoS) condition. | |||||
| CVE-2024-9920 | 1 Lollms | 1 Lollms Web Ui | 2025-04-03 | N/A | 8.8 HIGH |
| In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more. Attackers can exploit this by uploading files with malicious content and then using the '/open_file' API endpoint to execute these files. The vulnerability arises from the use of 'subprocess.Popen' to open files without proper validation, leading to potential remote code execution. | |||||
| CVE-2022-47766 | 1 Popojicms | 1 Popojicms | 2025-04-03 | N/A | 8.8 HIGH |
| PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability. | |||||
| CVE-2005-3288 | 1 Rockliffe | 1 Mailsite Express | 2025-04-03 | 5.0 MEDIUM | N/A |
| Mailsite Express allows remote attackers to upload and execute files with executable extensions such as ASP by attaching the file using the "compose page" feature, then accessing the file from the cache directory before saving or sending the message. | |||||
| CVE-2001-0340 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | 7.5 HIGH | N/A |
| An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically. | |||||
| CVE-2004-2262 | 1 E107 | 1 E107 | 2025-04-03 | 7.5 HIGH | N/A |
| ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php. | |||||
| CVE-2006-2428 | 1 Duware Dubanner Project | 1 Duware Dubanner | 2025-04-03 | 7.5 HIGH | N/A |
| add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, probably due to client-side enforcement that can be bypassed. NOTE: some of these details are obtained from third party information, since the raw source is vague. | |||||
| CVE-2005-0254 | 1 Markusmobius | 1 Biborb | 2025-04-03 | 4.3 MEDIUM | 3.7 LOW |
| BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files. | |||||
| CVE-2001-0901 | 1 Hypermail Development | 1 Hypermail | 2025-04-03 | 7.5 HIGH | N/A |
| Hypermail allows remote attackers to execute arbitrary commands on a server supporting SSI via an attachment with a .shtml extension, which is archived on the server and can then be executed by requesting the URL for the attachment. | |||||
| CVE-2005-1881 | 1 Yapig | 1 Yapig | 2025-04-03 | 7.5 HIGH | N/A |
| upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code. | |||||
| CVE-2002-1841 | 1 Noguska | 1 Nola | 2025-04-03 | 5.0 MEDIUM | N/A |
| The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions such as .php4. | |||||
| CVE-2006-4471 | 1 Joomla | 1 Joomla\! | 2025-04-03 | 6.5 MEDIUM | N/A |
| The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors. | |||||