Total: 2997 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-48202 | 1 Thecosy | 1 Icecms | 2025-04-18 | 9.8 Critical |
icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploadFile. | ||||
CVE-2023-50692 | 1 Jizhicms | 1 Jizhicms | 2025-04-17 | 8.8 High |
File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory. | ||||
CVE-2024-2599 | 1 Amss++ Project | 1 Amss++ | 2025-04-17 | 9.9 Critical |
File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure. | ||||
CVE-2025-27282 | | | 2025-04-17 | 9.9 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in rockgod100 Theme File Duplicator allows Using Malicious Files. This issue affects Theme File Duplicator: from n/a through 1.3. | ||||
CVE-2025-31339 | | | 2025-04-17 | N/A |
An unrestricted upload of file with dangerous type vulnerability in the course management function of Wisdom Master Pro versions 5.0 through 5.2 allows remote authenticated users to craft a malicious file. | ||||
CVE-2025-32652 | | | 2025-04-17 | 9.9 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in solacewp Solace Extra allows Using Malicious Files. This issue affects Solace Extra: from n/a through 1.3.1. | ||||
CVE-2025-32660 | | | 2025-04-17 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through 2.0.2. | ||||
CVE-2025-39436 | | | 2025-04-17 | 9.1 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw allows Using Malicious Files. This issue affects I Draw: from n/a through 1.0. | ||||
CVE-2025-32682 | | | 2025-04-17 | 9.9 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG Lite allows Upload a Web Shell to a Web Server. This issue affects MapSVG Lite: from n/a through 8.5.34. | ||||
CVE-2025-3764 | | | 2025-04-17 | 6.3 Medium |
A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This vulnerability affects unknown code of the file /edit-product.php. The manipulation of the argument Avatar leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2025-3765 | | | 2025-04-17 | 6.3 Medium |
A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file /edit-photo.php. The manipulation of the argument Avatar leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
CVE-2023-51421 | 1 Soft8soft | 1 Verge3d | 2025-04-17 | 9.9 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. | ||||
CVE-2023-52044 | 1 Std42 | 1 Elfinder | 2025-04-17 | 9.8 Critical |
Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension. | ||||
CVE-2022-46135 | 1 Aerocms Project | 1 Aerocms | 2025-04-17 | 7.2 High |
In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post, through which we can upload webshell and control the web server. | ||||
CVE-2022-46839 | 1 Wiselyhub | 1 Js Help Desk | 2025-04-17 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin. This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. | ||||
CVE-2023-42248 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | 6.5 Medium |
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vam_Sql.php". | ||||
CVE-2022-46020 | 1 Wbce | 1 Wbce Cms | 2025-04-17 | 9.8 Critical |
WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. | ||||
CVE-2024-46377 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, Best House Rental Management System | 2025-04-16 | 9.8 Critical |
Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php. | ||||
CVE-2024-33438 | 1 Cubecart | 1 Cubecart | 2025-04-16 | 8 High |
File Upload vulnerability in CubeCart before 6.5.5 allows an authenticated user to execute arbitrary code via a crafted .phar file. | ||||
CVE-2024-31615 | 1 Thinkcmf | 1 Thinkcmf | 2025-04-16 | 9.8 Critical |
ThinkCMF 6.0.9 is vulnerable to File upload via UeditorController.php. |