Total
4007 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41538 | 1 Wedding Planner Project | 1 Wedding Planner | 2025-05-14 | 8.8 High |
| Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /Wedding-Management-PHP/admin/photos_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-32177 | 1 Gin-vue-admin Project | 1 Gin-vue-admin | 2025-05-14 | 9 Critical |
| In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin’s cookie leading to account takeover. | ||||
| CVE-2024-7277 | 1 Adonesevangelista | 1 Restaurant Management System | 2025-05-14 | 4.7 Medium |
| A vulnerability was found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/menu.php of the component Add a Menu. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273146 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-41539 | 1 Wedding Planner Project | 1 Wedding Planner | 2025-05-14 | 8.8 High |
| Wedding Planner v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /admin/users_add.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2025-4310 | 1 Emiloi | 1 Content Management System | 2025-05-13 | 4.7 Medium |
| A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. This affects an unknown part of the file /admin/add_topic.php?category=BBS. The manipulation of the argument Cover Image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-57450 | 1 1000mz | 1 Chestnutcms | 2025-05-13 | 9.8 Critical |
| ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function. | ||||
| CVE-2025-40625 | 1 Tcman | 1 Gim | 2025-05-13 | 9.8 Critical |
| Unrestricted file upload in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to upload any file within the server, even a malicious file to obtain a Remote Code Execution (RCE). | ||||
| CVE-2024-5450 | 1 Bug Library Project | 1 Bug Library | 2025-05-13 | 9.1 Critical |
| The Bug Library WordPress plugin before 2.1.1 does not check the file type on user-submitted bug reports, allowing an unauthenticated user to upload PHP files | ||||
| CVE-2020-8974 | 1 Zigor | 2 Zgr Tps200 Ng, Zgr Tps200 Ng Firmware | 2025-05-13 | 10 Critical |
| In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the firmware upload process does not perform any type of restriction. This allows an attacker to modify it and re-upload it via web with malicious modifications, rendering the device unusable. | ||||
| CVE-2025-2031 | 1 1000mz | 1 Chestnutcms | 2025-05-12 | 6.3 Medium |
| A vulnerability classified as critical has been found in ChestnutCMS up to 1.5.2. This affects the function uploadFile of the file /dev-api/cms/file/upload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-3552 | 1 Boxbilling | 1 Boxbilling | 2025-05-12 | 7.2 High |
| Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1. | ||||
| CVE-2020-26629 | 1 Phpgurukul | 1 Hospital Management System | 2025-05-09 | 9.8 Critical |
| A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. | ||||
| CVE-2022-43283 | 1 Webassembly | 1 Wabt | 2025-05-08 | 5.5 Medium |
| wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write. | ||||
| CVE-2024-24350 | 1 Softwarepublico | 1 E-sic Livre | 2025-05-08 | 8.8 High |
| File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component. | ||||
| CVE-2024-22515 | 1 Ispyconnect | 1 Agent Dvr | 2025-05-08 | 8.8 High |
| Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component. | ||||
| CVE-2024-1261 | 1 Juanpao | 1 Jpshop | 2025-05-08 | 6.3 Medium |
| A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. This vulnerability affects the function actionIndex of the file /api/controllers/merchant/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253000. | ||||
| CVE-2025-23213 | 1 Tandoor | 1 Recipes | 2025-05-08 | 8.7 High |
| Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows to upload arbitrary files, including html and svg. Both can contain malicious content (XSS Payloads). This vulnerability is fixed in 1.5.28. | ||||
| CVE-2022-42198 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2025-05-08 | 8.8 High |
| In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload. | ||||
| CVE-2022-31366 | 1 Eve-ng | 1 Eve-ng | 2025-05-08 | 7.2 High |
| An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file. | ||||
| CVE-2022-42201 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2025-05-08 | 7.2 High |
| Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload. | ||||