Total
3977 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6994 | 1 Indirmax.org | 1 Ozzywork Galeri | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier, allows remote attackers to upload and execute arbitrary ASP files by removing the client-side security checks. | ||||
| CVE-2006-5845 | 1 Speedywiki | 1 Speedywiki | 2025-04-09 | N/A |
| Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1. | ||||
| CVE-2024-29100 | 2 Jordy Meow, Meowapps | 2 Ai-engine Chatgpt Chatbot, Ai Engine | 2025-04-08 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.1.4. | ||||
| CVE-2025-32370 | 1 Kentico | 1 Xperience | 2025-04-08 | 7.2 High |
| Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not necessarily related to SVG or XSS. | ||||
| CVE-2025-3325 | 1 Iteaj | 1 Iboot | 2025-04-08 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in iteaj iboot 物联网网关 1.1.3. This affects an unknown part of the file /core/admin/pwd of the component Admin Password Handler. The manipulation of the argument ID leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-3778 | 1 Ai3 | 1 Qbibot | 2025-04-08 | 7.2 High |
| The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing malicious code. | ||||
| CVE-2025-25783 | 1 Emlog | 1 Emlog | 2025-04-07 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3 allows attackers to execute arbitrary code via uploading a crafted Zip file. | ||||
| CVE-2025-3324 | 1 Godcheese | 1 Nimrod | 2025-04-07 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in godcheese/code-projects Nimrod 0.8. Affected by this issue is some unknown functionality of the file FileRestController.java. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-42287 | 1 Nvidia | 2 Bmc, Dgx A100 | 2025-04-07 | 6 Medium |
| NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering. | ||||
| CVE-2024-20296 | 1 Cisco | 1 Identity Services Engine | 2025-04-07 | 4.7 Medium |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin credentials on the affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root. | ||||
| CVE-2024-31012 | 1 Sem-cms | 1 Semcms | 2025-04-04 | 9.8 Critical |
| An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file. | ||||
| CVE-2023-22851 | 1 Tiki | 1 Tiki | 2025-04-04 | 7.2 High |
| Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call. | ||||
| CVE-2024-34440 | 1 Meowapps | 1 Ai Engine | 2025-04-04 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 2.2.63. | ||||
| CVE-2024-31610 | 1 Code-projects | 1 Simple School Management System | 2025-04-04 | 6.3 Medium |
| File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted file. | ||||
| CVE-2024-28890 | 2 Incsub, Wpmudev | 2 Forminator, Broken Link Checker | 2025-04-04 | 5.3 Medium |
| Forminator prior to 1.29.0 contains an unrestricted upload of file with dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service (DoS) condition. | ||||
| CVE-2021-26642 | 2 Microsoft, Xpressengine | 2 Windows, Xpressengine | 2025-04-03 | 8.8 High |
| When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running. | ||||
| CVE-2022-47766 | 1 Popojicms | 1 Popojicms | 2025-04-03 | 8.8 High |
| PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability. | ||||
| CVE-2024-25274 | 1 Xxyopen | 1 Novel-plus | 2025-04-02 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-22824 | 1 Auntvt | 1 Timo | 2025-04-02 | 9.8 Critical |
| An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component. | ||||
| CVE-2022-47042 | 1 Mingsoft | 1 Mcms | 2025-04-02 | 8.8 High |
| MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do. | ||||