Export limit exceeded: 343019 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (3948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54757 | 1 Alfasado | 1 Powercms | 2025-08-06 | 6.5 Medium |
| Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser. | ||||
| CVE-2025-8379 | 1 Campcodes | 1 Online Hotel Reservation System | 2025-08-06 | 4.7 Medium |
| A vulnerability classified as critical has been found in Campcodes Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/edit_room.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2014-0468 | 1 Fusionforge | 1 Fusionforge | 2025-08-06 | 9.8 Critical |
| Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories (SVN, Git, Bzr...). This issue affects fusionforge: before 5.3+20140506. | ||||
| CVE-2025-52078 | 1 Writebot | 1 Ai Content Generator | 2025-08-06 | 6.5 Medium |
| File upload vulnerability in Writebot AI Content Generator SaaS React Template thru 4.0.0, allowing remote attackers to gain escalated privileges via a crafted POST request to the /file-upload endpoint. | ||||
| CVE-2025-54962 | 1 Openplcproject | 2 Openplc, Openplc V3 | 2025-08-05 | 6.4 Medium |
| /edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), and these are then publicly accessible under the /static URI. | ||||
| CVE-2025-8171 | 2 Code-projects, Fabian | 2 Document Management System, Document Management System | 2025-08-05 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in code-projects Document Management System 1.0. This issue affects some unknown processing of the file /insert.php. The manipulation of the argument uploaded_file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8174 | 2 Code-projects, Fabian | 2 Voting System, Voting System | 2025-08-05 | 6.3 Medium |
| A vulnerability was found in code-projects Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/candidates_add.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7898 | 1 Ambitiousitbd | 1 Identsoft | 2025-08-05 | 4.7 Medium |
| A vulnerability was found in Codecanyon iDentSoft 2.0. It has been classified as critical. This affects an unknown part of the file /clinica/profile/updateSetting of the component Account Setting Page. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2017-2617 | 2 Hawt, Redhat | 3 Hawtio, Jboss Amq, Jboss Fuse | 2025-08-05 | N/A |
| hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed. | ||||
| CVE-2025-7443 | 2 Berqier, Wordpress | 2 Berqwp, Wordpress | 2025-08-04 | 8.1 High |
| The BerqWP – Automated All-In-One Page Speed Optimization for Core Web Vitals, Cache, CDN, Images, CSS, and JavaScript plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the store_javascript_cache.php file in all versions up to, and including, 2.2.42. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2025-1166 | 1 Remyandrade | 1 Food Menu Manager | 2025-08-01 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Food Menu Manager 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file endpoint/update.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-8019 | 1 Lightningai | 1 Pytorch Lightning | 2025-08-01 | 9.1 Critical |
| In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_file/` endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to potential remote code execution (RCE) by overwriting critical files or placing malicious files in sensitive locations. | ||||
| CVE-2025-24801 | 1 Glpi-project | 1 Glpi | 2025-08-01 | 8.6 High |
| GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of *.php files located on the GLPI server. This vulnerability is fixed in 10.0.18. | ||||
| CVE-2025-7847 | 1 Wordpress | 1 Wordpress | 2025-07-31 | 8.8 High |
| The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest_simpleFileUpload() function in versions 2.9.3 and 2.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server when the REST API is enabled, which may make remote code execution possible. | ||||
| CVE-2025-8323 | 1 Ventem | 1 E-school | 2025-07-31 | 8.8 High |
| The e-School from Ventem has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. | ||||
| CVE-2025-8256 | 2 Code-projects, Fabian | 2 Online Ordering System, Online Ordering System | 2025-07-31 | 6.3 Medium |
| A vulnerability classified as critical has been found in code-projects Online Ordering System 1.0. Affected is an unknown function of the file /admin/product.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-8255 | 1 Code-projects | 1 Exam Form Submission | 2025-07-31 | 7.3 High |
| A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /register.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-32028 | 1 Psu | 1 Haxcms-php | 2025-07-30 | 10 Critical |
| HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ function in ’HAXCMSFile.php’. This save function uses a denylist to block specific file types from being uploaded to the server. This list is non-exhaustive and only blocks ’.php’, ’.sh’, ’.js’, and ’.css’ files. The existing logic causes the system to "fail open" rather than "fail closed." This vulnerability is fixed in 10.0.3. | ||||
| CVE-2025-7755 | 1 Online Ordering System Project | 1 Online Ordering System | 2025-07-30 | 6.3 Medium |
| A vulnerability was found in code-projects Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit_product.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9855 | 1 07fly | 3 07fly-cms, 07flycms, Customer Relationship Management | 2025-07-30 | 4.7 Medium |
| A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadFile of the file /admin/SysModule/upload/ajaxmodel/upload/uploadfilepath/sysmodule_1 of the component Module Plug-In Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address. | ||||