Total
3182 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24507 | 1 Agilepoint | 1 Agilepoint Nx | 2025-01-29 | 8.8 High |
| AgilePoint NX v8.0 SU2.2 & SU2.3 – Insecure File Upload - Vulnerability allows insecure file upload, by an unspecified request. | ||||
| CVE-2021-28998 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-01-29 | 7.2 High |
| File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file. | ||||
| CVE-2023-28128 | 1 Ivanti | 1 Avalanche | 2025-01-28 | 7.2 High |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. | ||||
| CVE-2023-48777 | 1 Elementor | 1 Website Builder | 2025-01-28 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Elementor.Com Elementor Website Builder.This issue affects Elementor Website Builder: from 3.3.0 through 3.18.1. | ||||
| CVE-2023-31689 | 1 Wcms | 1 Wcms | 2025-01-28 | 9.8 Critical |
| In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute scripts to trigger command execution. | ||||
| CVE-2023-31903 | 1 Freeguppy | 1 Guppy | 2025-01-27 | 9.8 Critical |
| GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file. | ||||
| CVE-2023-29930 | 1 Genesys | 1 Tftp Server | 2025-01-27 | 8.8 High |
| An issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote attacker to execute arbitrary code via the login crednetials to the TFTP server configuration page. | ||||
| CVE-2021-34076 | 1 Phpok | 1 Phpok | 2025-01-27 | 8.8 High |
| File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload. | ||||
| CVE-2023-2648 | 1 Weaver | 1 E-office | 2025-01-24 | 6.3 Medium |
| A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-30247 | 1 Storage Unit Rental Management System Project | 1 Storage Unit Rental Management System | 2025-01-24 | 9.8 Critical |
| File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter. | ||||
| CVE-2023-29657 | 1 Extplorer | 1 Extplorer | 2025-01-24 | 8.8 High |
| eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code executions. | ||||
| CVE-2024-13091 | 1 Wpbot | 1 Wpot | 2025-01-24 | 9.8 Critical |
| The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and including, 13.5.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Note: The exploit requires thee ChatBot Conversational Forms plugin and the Conversational Form Builder Pro addon plugin. | ||||
| CVE-2025-0702 | 2025-01-24 | 6.3 Medium | ||
| A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This vulnerability affects unknown code of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument portraitFile leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||
| CVE-2024-25994 | 1 Phoenixcontact | 12 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 9 more | 2025-01-24 | 5.3 Medium |
| An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write only. | ||||
| CVE-2023-30333 | 1 Perfree | 1 Perfreeblog | 2025-01-23 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2023-31576 | 1 S9y | 1 Serendipity | 2025-01-23 | 8.8 High |
| An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file. | ||||
| CVE-2024-22426 | 1 Dell | 1 Recoverpoint For Virtual Machines | 2025-01-23 | 7.2 High |
| Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise. | ||||
| CVE-2023-31857 | 1 Oretnom23 | 1 Online Computer And Laptop Store | 2025-01-23 | 9.8 Critical |
| Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is /classes/Users.php?f=save. | ||||
| CVE-2024-29974 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2025-01-22 | 9.8 Critical |
| ** UNSUPPORTED WHEN ASSIGNED ** The remote code execution vulnerability in the CGI program “file_upload-cgi” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute arbitrary code by uploading a crafted configuration file to a vulnerable device. | ||||
| CVE-2025-23921 | 2025-01-22 | 9 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Multi Uploader for Gravity Forms allows Upload a Web Shell to a Web Server. This issue affects Multi Uploader for Gravity Forms: from n/a through 1.1.3. | ||||