Total
3971 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2749 | 1 Kentico | 1 Xperience | 2025-12-17 | 7.2 High |
| An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code execution.This issue affects Kentico Xperience through 13.0.178. | ||||
| CVE-2020-36897 | 2 Howfor, Qihang Media | 2 Qihang Media Web Digital Signage, Web Digital Signage | 2025-12-17 | 9.8 Critical |
| QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit the file upload functionality by using the 'remotePath' and 'fileToUpload' parameters to write and execute arbitrary system commands on the server. | ||||
| CVE-2025-14642 | 2 Carmelo, Code-projects | 2 Computer Laboratory System, Computer Laboratory System | 2025-12-16 | 4.7 Medium |
| A vulnerability has been found in code-projects Computer Laboratory System 1.0. Impacted is an unknown function of the file technical_staff_pic.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-14641 | 2 Carmelo, Code-projects | 2 Computer Laboratory System, Computer Laboratory System | 2025-12-16 | 4.7 Medium |
| A flaw has been found in code-projects Computer Laboratory System 1.0. This issue affects some unknown processing of the file admin/admin_pic.php. This manipulation of the argument image causes unrestricted upload. The attack may be initiated remotely. The exploit has been published and may be used. | ||||
| CVE-2022-26645 | 1 Oretnom23 | 1 Banking System | 2025-12-16 | 9.8 Critical |
| A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function. | ||||
| CVE-2025-14530 | 2 Remyandrade, Sourcecodester | 2 Real Estate Property Listing App, Real Estate Property Listing App | 2025-12-16 | 4.7 Medium |
| A vulnerability has been found in SourceCodester Real Estate Property Listing App 1.0. The impacted element is an unknown function of the file /admin/property.php. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-39539 | 1 Ami | 1 Aptio V | 2025-12-16 | 7.5 High |
| AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. | ||||
| CVE-2024-0800 | 1 Arcserve | 2 Arcserve Unified Data Protection, Udp | 2025-12-16 | 8.8 High |
| A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet. | ||||
| CVE-2024-23534 | 1 Ivanti | 1 Avalanche | 2025-12-16 | 8.8 High |
| An Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | ||||
| CVE-2024-33006 | 1 Sap | 1 Netweaver | 2025-12-16 | 9.6 Critical |
| An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise system. | ||||
| CVE-2024-58295 | 1 Elkarte | 1 Forum | 2025-12-16 | N/A |
| ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing the uploaded file in the theme directory. | ||||
| CVE-2015-10138 | 1 Lynton Reed | 1 Work The Flow File Upload | 2025-12-16 | 9.8 Critical |
| The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jQuery-File-Upload-9.5.0 server and test files in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | ||||
| CVE-2025-13646 | 2 Wordpress, Wpchill | 3 Wordpress, Image Gallery, Modula Image Gallery | 2025-12-15 | 7.5 High |
| The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ajax_unzip_file' function in versions 2.13.1 to 2.13.2. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files with race condition on the affected site's server which may make remote code execution possible. | ||||
| CVE-2024-12853 | 1 Wpchill | 1 Modula Image Gallery | 2025-12-15 | 8.8 High |
| The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2018-4063 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2025-12-15 | 8.8 High |
| An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2025-43766 | 1 Liferay | 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more | 2025-12-12 | 9.8 Critical |
| The Liferay Portal 7.4.0 through 7.3.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows the upload of unrestricted files in the style books component that are processed within the environment enabling arbitrary code execution by attackers. | ||||
| CVE-2025-34328 | 1 Audiocodes | 3 Fax\/ivr, Fax Server, Interactive Voice Response | 2025-12-12 | 9.8 Critical |
| AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated script-management endpoint at AudioCodes_files/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-supplied data directly to a server-side file path under the privileges of the web service account, which runs as NT AUTHORITY\\SYSTEM on Windows deployments. A remote, unauthenticated attacker can write arbitrary files into the product’s web-accessible directory structure and subsequently execute them. | ||||
| CVE-2025-34329 | 1 Audiocodes | 3 Fax\/ivr, Fax Server, Interactive Voice Response | 2025-12-12 | 9.8 Critical |
| AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an unauthenticated backup upload endpoint at AudioCodes_files/ajaxBackupUploadFile.php in the F2MAdmin web interface. The script derives a backup folder path from application configuration, creates the directory if it does not exist, and then moves an uploaded file to that location using the attacker-controlled filename, without any authentication, authorization, or file-type validation. On default Windows deployments where the backup directory resolves to the system drive, a remote attacker can upload web server or interpreter configuration files that cause a log file or other server-controlled resource to be treated as executable code. This allows subsequent HTTP requests to trigger arbitrary command execution under the web server account, which runs as NT AUTHORITY\\SYSTEM. | ||||
| CVE-2025-34330 | 1 Audiocodes | 3 Fax\/ivr, Fax Server, Interactive Voice Response | 2025-12-12 | 5.3 Medium |
| AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated prompt upload endpoint at AudioCodes_files/utils/IVR/diagram/ajaxPromptUploadFile.php. The script accepts an uploaded file and writes it into the C:\\F2MAdmin\\tmp directory using a filename derived from application constants, without any authentication, authorization, or file-type validation. A remote, unauthenticated attacker can upload or overwrite prompt- or music-on-hold–related files in this directory, potentially leading to tampering with IVR audio content or preparing files for use in further attacks. | ||||
| CVE-2025-65897 | 2 Zdh Web Project, Zhaoyachao | 2 Zdh Web, Zdh Web | 2025-12-12 | 8.8 High |
| zdh_web is a data collection, processing, monitoring, scheduling, and management platform. In zdh_web thru 5.6.17, insufficient validation of file upload paths in the application allows an authenticated user to write arbitrary files to the server file system, potentially overwriting existing files and leading to privilege escalation or remote code execution. | ||||