Total: 3976 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41711 | 1 Uatech | 1 Badaso | 2025-05-07 | 9.8 Critical |
| Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | ||||
| CVE-2024-1260 | 1 Juanpao | 1 Jpshop | 2025-05-07 | 6.3 Medium |
| A vulnerability classified as critical has been found in Juanpao JPShop up to 1.5.02. This affects the function actionIndex of the file /api/controllers/admin/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252999. | ||||
| CVE-2022-39978 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2025-05-07 | 7.2 High |
| Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. | ||||
| CVE-2022-39977 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2025-05-07 | 7.2 High |
| Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. | ||||
| CVE-2025-0471 | 1 Sigb | 1 Pmb | 2025-05-07 | 9.9 Critical |
| Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker to upload a file to gain remote access to the machine, being able to access, modify and execute commands freely. | ||||
| CVE-2025-0472 | 1 Sigb | 1 Pmb | 2025-05-07 | 7.5 High |
| Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and enumerate the internal files of a machine by looking at the request response. | ||||
| CVE-2022-43231 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-05-07 | 7.2 High |
| Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-42189 | 1 Emlog | 1 Emlog | 2025-05-07 | 7.2 High |
| Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability. | ||||
| CVE-2022-43275 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-05-07 | 7.2 High |
| Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2024-48594 | 2 Fast5, Sourcecodester | 2 Prison Management System, Prison Management System | 2025-05-06 | 8.8 High |
| File Upload vulnerability in Prison Management System v.1.0 allows a remote attacker to execute arbitrary code via the file upload component. | ||||
| CVE-2022-41681 | 1 Formalms | 1 Formalms | 2025-05-06 | 9.9 Critical |
| There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection. | ||||
| CVE-2022-42925 | 1 Formalms | 1 Formalms | 2025-05-06 | 9.9 Critical |
| There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection. | ||||
| CVE-2022-33859 | 1 Eaton | 1 Foreseer Electrical Power Monitoring System | 2025-05-06 | 8.1 High |
| A security vulnerability was discovered in the Eaton Foreseer EPMS software. Foreseer EPMS connects an operation’s vast array of devices to assist in the reduction of energy consumption and avoid unplanned downtime caused by the failures of critical systems. A threat actor may upload arbitrary files using the file upload feature. This vulnerability is present in versions 4.x, 5.x, 6.x & 7.0 to 7.5. A new version (v7.6) containing the remediation has been made available by Eaton and a mitigation has been provided for the affected versions that are currently supported. Customers are advised to update the software to the latest version (v7.6). Foreseer EPMS versions 4.x, 5.x, 6.x are no longer supported by Eaton. Please refer to the End-of-Support notification https://www.eaton.com/in/en-us/catalog/services/foreseer/foreseer-legacy.html . | ||||
| CVE-2024-27283 | 1 Veritas | 1 Ediscovery Platform | 2025-05-06 | 7.2 High |
| A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application administrator can upload potentially malicious files to arbitrary locations on the server on which the application is installed. | ||||
| CVE-2024-5080 | 1 Tipsandtricks-hq | 1 Wp Emember | 2025-05-06 | 8.8 High |
| The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server. | ||||
| CVE-2025-3914 | 1 Aeropage | 1 Aeropage Sync For Airtable | 2025-05-06 | 8.8 High |
| The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aeropage_media_downloader' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2022-40471 | 1 Oretnom23 | 1 Clinic's Patient Management System | 2025-05-06 | 9.8 Critical |
| Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php | ||||
| CVE-2024-13418 | 1 G5plus | 4 April, Auteur, Benaa and 1 more | 2025-05-06 | 8.8 High |
| Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts() function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files that can make remote code execution possible. This issue was escalated to Envato over two months from the date of this disclosure and the issue, while partially patched, is still vulnerable. | ||||
| CVE-2024-29848 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 7.2 High |
| An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM. | ||||
| CVE-2024-22393 | 2 Apache, Apache Software Foundation | 2 Answer, Apache Answer | 2025-05-05 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content. Users are recommended to upgrade to version [1.2.5], which fixes the issue. | ||||