Total
2996 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-39557 | 2025-04-16 | 9.1 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Ben Ritner - Kadence WP Kadence WooCommerce Email Designer allows Upload a Web Shell to a Web Server. This issue affects Kadence WooCommerce Email Designer: from n/a through 1.5.14. | ||||
| CVE-2025-1980 | 2025-04-16 | N/A | ||
| The Ready_ application's Profile section allows users to upload files of any type and extension without restriction. If the server is misconfigured, as it was by default when installed at the turn of 2021 and 2022, it can result in Remote Code Execution. Refer to the Required Configuration for Exposure section for more information. | ||||
| CVE-2025-26927 | 2025-04-16 | 10 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in EPC AI Hub allows Upload a Web Shell to a Web Server. This issue affects AI Hub: from n/a through 1.3.3. | ||||
| CVE-2025-39538 | 2025-04-16 | 6.6 Medium | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Mathieu Chartier WP-Advanced-Search allows Upload a Web Shell to a Web Server. This issue affects WP-Advanced-Search: from n/a through 3.3.9.3. | ||||
| CVE-2025-0722 | 1 Needyamin | 1 Image Gallery Management System | 2025-04-16 | 4.7 Medium |
| A vulnerability classified as critical was found in needyamin image_gallery 1.0. This vulnerability affects unknown code of the file /admin/gallery.php of the component Cover Image Handler. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-27683 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-15 | 8.8 High |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Driver Unrestricted Upload of File with Dangerous Type V-2022-006. | ||||
| CVE-2022-21809 | 1 Inhandnetworks | 2 Inrouter302, Inrouter302 Firmware | 2025-04-15 | 8.1 High |
| A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability. | ||||
| CVE-2025-3593 | 2025-04-15 | 6.3 Medium | ||
| A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been declared as critical. This vulnerability affects the function Upload of the file /admin/upload/authorImg/. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3566 | 2025-04-15 | 7.3 High | ||
| A vulnerability, which was classified as critical, has been found in veal98 小牛肉 Echo 开源社区系统 4.2. This issue affects the function uploadMdPic of the file /discuss/uploadMdPic. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3565 | 2025-04-15 | 4.7 Medium | ||
| A vulnerability classified as critical was found in huanfenz/code-projects StudentManager 1.0. This vulnerability affects unknown code of the file /upload/uploadArticle.do of the component Announcement Management Section. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3551 | 2025-04-15 | 7.3 High | ||
| A vulnerability was found in Lingxing ERP 2 and classified as critical. Affected by this issue is the function DoUpload of the file /Api/FileUpload.ashx?method=DoUpload. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3558 | 2025-04-15 | 6.3 Medium | ||
| A vulnerability, which was classified as critical, was found in ghostxbh uzy-ssm-mall 1.0.0. This affects an unknown part of the file /mall/user/uploadUserHeadImage. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3552 | 2025-04-15 | 7.3 High | ||
| A vulnerability was found in Lingxing ERP 2. It has been classified as critical. This affects an unknown part of the file /Api/TinyMce/UploadAjax.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3585 | 2025-04-15 | 6.3 Medium | ||
| A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. This affects an unknown part of the file /upload/ of the component JSP Parser. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-34483 | 1 Mozilla | 1 Firefox | 2025-04-15 | 8.8 High |
| An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34482. This vulnerability affects Firefox < 102. | ||||
| CVE-2022-34482 | 1 Mozilla | 1 Firefox | 2025-04-15 | 8.8 High |
| An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34483. This vulnerability affects Firefox < 102. | ||||
| CVE-2025-2952 | 1 Bluestar | 1 Micro Mall | 2025-04-15 | 6.3 Medium |
| A vulnerability classified as critical was found in Bluestar Micro Mall 1.0. Affected by this vulnerability is an unknown functionality of the file /api/api.php?mod=upload&type=1. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-46493 | 1 Nbnbk Project | 1 Nbnbk | 2025-04-15 | 9.8 Critical |
| Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/download_img. | ||||
| CVE-2022-46102 | 1 Ayacms Project | 1 Ayacms | 2025-04-15 | 9.8 Critical |
| AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fst_down.inc.php | ||||
| CVE-2022-45966 | 1 Classcms Project | 1 Classcms | 2025-04-15 | 9.8 Critical |
| here is an arbitrary file upload vulnerability in the file management function module of Classcms3.5. | ||||