Total
4123 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1000194 | 1 Octobercms | 1 October | 2025-04-20 | N/A |
| October CMS build 412 is vulnerable to Apache configuration modification via file upload functionality resulting in site compromise and possibly other applications on the server. | ||||
| CVE-2017-8080 | 1 Atlassian | 1 Hipchat Server | 2025-04-20 | N/A |
| Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. | ||||
| CVE-2016-6124 | 1 Ibm | 1 Kenexa Lms On Cloud | 2025-04-20 | N/A |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server. | ||||
| CVE-2017-1000119 | 1 Octobercms | 1 October | 2025-04-20 | N/A |
| October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server. | ||||
| CVE-2017-1000081 | 1 Onosproject | 1 Onos | 2025-04-20 | 9.8 Critical |
| Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution. | ||||
| CVE-2020-22539 | 2 Codoforum, Codologic | 2 Codoforum, Codoforum | 2025-04-18 | 7.2 High |
| An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-32161 | 1 Jizhicms | 1 Jizhicms | 2025-04-18 | 9.8 Critical |
| jizhiCMS 2.5 suffers from a File upload vulnerability. | ||||
| CVE-2024-48202 | 1 Thecosy | 1 Icecms | 2025-04-18 | 9.8 Critical |
| icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploadFile. | ||||
| CVE-2023-50692 | 1 Jizhicms | 1 Jizhicms | 2025-04-17 | 8.8 High |
| File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory. | ||||
| CVE-2024-2599 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-17 | 9.9 Critical |
| File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure. | ||||
| CVE-2023-52044 | 1 Std42 | 1 Elfinder | 2025-04-17 | 9.8 Critical |
| Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension. | ||||
| CVE-2022-46135 | 1 Aerocms Project | 1 Aerocms | 2025-04-17 | 7.2 High |
| In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server. | ||||
| CVE-2023-42248 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | 6.5 Medium |
| An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vam_Sql.php". | ||||
| CVE-2022-46020 | 1 Wbce | 1 Wbce Cms | 2025-04-17 | 9.8 Critical |
| WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. | ||||
| CVE-2024-46377 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, Best House Rental Management System | 2025-04-16 | 9.8 Critical |
| Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php. | ||||
| CVE-2024-33438 | 1 Cubecart | 1 Cubecart | 2025-04-16 | 8 High |
| File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file. | ||||
| CVE-2024-31615 | 1 Thinkcmf | 1 Thinkcmf | 2025-04-16 | 9.8 Critical |
| ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php. | ||||
| CVE-2021-27428 | 1 Ge | 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more | 2025-04-16 | 9.8 Critical |
| GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without appropriate privileges. The weakness is assessed, and mitigation is implemented in firmware Version 8.10. | ||||
| CVE-2021-32961 | 1 Auvesy-mdt | 2 Autosave, Autosave For System Platform | 2025-04-16 | 7.5 High |
| A getfile function in MDT AutoSave versions prior to v6.02.06 enables a user to supply an optional parameter, resulting in the processing of a request in a special manner. This can result in the execution of an unzip command and place a malicious .exe file in one of the locations the function looks for and get execution capabilities. | ||||
| CVE-2021-43934 | 1 Smartptt | 1 Smartptt Scada | 2025-04-16 | 9.8 Critical |
| Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files. | ||||