Total
3110 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1253 | 1 Byzoro | 2 Smart S40, Smart S40 Firmware | 2025-06-10 | 4.7 Medium |
| A vulnerability, which was classified as critical, has been found in Byzoro Smart S40 Management Platform up to 20240126. Affected by this issue is some unknown functionality of the file /useratte/web.php of the component Import Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-26503 | 1 Openeclass | 1 Openeclass | 2025-06-10 | 9.1 Critical |
| Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint. | ||||
| CVE-2025-5299 | 1 Lerouxyxchire | 1 Client Database Management System | 2025-06-10 | 7.3 High |
| A vulnerability was found in SourceCodester Client Database Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /user_order_customer_update.php. The manipulation of the argument uploaded_file_cancelled leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-5840 | 1 Lerouxyxchire | 1 Client Database Management System | 2025-06-10 | 7.3 High |
| A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_update_customer_order.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is possible to initiate the attack remotely. | ||||
| CVE-2025-48471 | 1 Freescout | 1 Freescout | 2025-06-10 | 9.8 Critical |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, the application does not check or performs insufficient checking of files uploaded to the application. This allows files to be uploaded with the phtml and phar extensions, which can lead to remote code execution if the Apache web server is used. This issue has been patched in version 1.8.179. | ||||
| CVE-2025-5728 | 1 Nikhil-bhalerao | 1 Open Source Clinic Management System | 2025-06-10 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester Open Source Clinic Management System 1.0. This vulnerability affects unknown code of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-6636 | 1 Wpsoul | 1 Greenshift | 2025-06-10 | 7.2 High |
| The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up to, and including, 7.6.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2024-32514 | 1 Infotheme | 1 Wp Poll Maker | 2025-06-09 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker.This issue affects WP Poll Maker: from n/a through 3.4. | ||||
| CVE-2025-2780 | 2025-06-09 | 8.8 High | ||
| The Woffice Core plugin for WordPress, used by the Woffice Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'saveFeaturedImage' function in all versions up to, and including, 5.4.21. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2025-45997 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-06-09 | 8.6 High |
| Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability. An attacker can upload a PHP file disguised as an image by modifying the Content-Type header to image/jpg. | ||||
| CVE-2025-24650 | 1 Themefic | 1 Tourfic | 2025-06-09 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a Web Shell to a Web Server. This issue affects Tourfic: from n/a through 2.15.3. | ||||
| CVE-2025-5873 | 2025-06-09 | 6.3 Medium | ||
| A vulnerability was found in eCharge Hardy Barth Salia PLCC 2.2.0. It has been declared as critical. This vulnerability affects unknown code of the file /firmware.php of the component Web UI. The manipulation of the argument media leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-45854 | 1 Jehc | 1 Jehc-bpm | 2025-06-09 | 10 Critical |
| /server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams. | ||||
| CVE-2025-49329 | 2025-06-06 | 6.6 Medium | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Agile Logix Store Locator WordPress allows Upload a Web Shell to a Web Server. This issue affects Store Locator WordPress: from n/a through 1.5.2. | ||||
| CVE-2025-48782 | 2025-06-06 | N/A | ||
| An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file. | ||||
| CVE-2024-48760 | 1 Gestioip | 1 Gestioip | 2025-06-06 | 9.8 Critical |
| An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution. | ||||
| CVE-2024-42563 | 1 Jerryhanjj | 1 Erp | 2025-06-05 | 9.8 Critical |
| An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file. | ||||
| CVE-2025-3054 | 2025-06-05 | 8.8 High | ||
| The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Please note that this requires the 'Private Message' module to be enabled and the Business version of the PRO software to be in use. | ||||
| CVE-2024-24399 | 1 Lepton-cms | 1 Leptoncms | 2025-06-05 | 7.2 High |
| An arbitrary file upload vulnerability in LEPTON v7.0.0 allows authenticated attackers to execute arbitrary PHP code by uploading this code to the backend/languages/index.php languages area. | ||||
| CVE-2024-10627 | 2 Support Ticket System Project, Vanquish | 2 Support Ticket System, Woocommerce Support Ticket System | 2025-06-05 | 9.8 Critical |
| The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||