Total
3867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-20354 | 1 Cisco | 1 Unified Contact Center Express | 2025-11-07 | N/A | 9.8 CRITICAL |
|
A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system.
This vulnerability is due to improper authentication mechanisms that are associated to specific Cisco Unified CCX features. An attacker could exploit this vulnerability by uploading a crafted file to an affected system through the Java RMI process. A successf ...
Show More |
|||||
| CVE-2025-2350 | 1 Iroadau | 2 Fx2, Fx2 Firmware | 2025-11-06 | 5.8 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been rated as critical. Affected by this issue is some unknown functionality of the file /action/upload_file. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-30131 | 1 Iroadau | 2 Fx2, Fx2 Firmware | 2025-11-06 | N/A | 9.8 CRITICAL |
|
An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges, gaining full control over the dashcam. Additionally, by uploading a netcat (nc) binary, the attacker can establish a reverse shell, maintaining persistent remote and privileged access to the device. This allows complete device takeover.
|
|||||
| CVE-2025-12346 | 1 Max-3000 | 1 Maxsite Cms | 2025-11-06 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was detected in MaxSite CMS up to 109. This vulnerability affects unknown code of the file application/maxsite/admin/plugins/auto_post/uploads-require-maxsite.php of the component HTTP Header Handler. Performing manipulation of the argument X-Requested-FileName/X-Requested-FileUpDir results in unrestricted upload. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in an ...
Show More |
|||||
| CVE-2025-12347 | 1 Max-3000 | 1 Maxsite Cms | 2025-11-06 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A flaw has been found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php. Executing manipulation of the argument file_path/content can lead to unrestricted upload. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-26497 | 3 Linux, Microsoft, Tableau | 3 Linux Kernel, Windows, Tableau Server | 2025-11-06 | N/A | 7.3 HIGH |
|
Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Editor modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.
|
|||||
| CVE-2025-12674 | 2025-11-06 | N/A | 9.8 CRITICAL | ||
|
The KiotViet Sync plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the create_media() function in all versions up to, and including, 1.8.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
|
|||||
| CVE-2025-40599 | 1 Sonicwall | 6 Sma 210, Sma 210 Firmware, Sma 410 and 3 more | 2025-11-06 | N/A | 9.1 CRITICAL |
|
An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary files to the system, potentially leading to remote code execution.
|
|||||
| CVE-2025-7939 | 1 Jerryshensjf | 1 Jpacookieshop | 2025-11-06 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in jerryshensjf JPACookieShop 蛋糕商城JPA版 1.0. It has been classified as critical. Affected is the function addGoods of the file GoodsController.java. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely.
|
|||||
| CVE-2022-47878 | 1 Jedox | 1 Jedox | 2025-11-06 | N/A | 8.8 HIGH |
|
Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. NOTE: The vendor states that the vulnerability affects installations running version 22.2 or earlier. The issue was resolved with the version 22.3 and later versions are not affected. Additionally, the vendor states that this vulnerability affects on-pre ...
Show More |
|||||
| CVE-2025-12593 | 1 Fabian | 1 Simple Online Hotel Reservation System | 2025-11-05 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability was identified in code-projects Simple Online Hotel Reservation System 2.0. The impacted element is an unknown function of the file /admin/edit_room.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2020-36863 | 1 Nagios | 1 Nagios Xi | 2025-11-05 | N/A | 8.8 HIGH |
|
Nagios XI versions prior to 5.7.2 allow PHP files to be uploaded to the Audio Import directory and executed from that location. The upload handler did not properly restrict file types or enforce storage outside of the webroot, and the web server permitted execution within the upload directory. An authenticated attacker with access to the audio import feature could upload a crafted PHP file and then request it to achieve remote code execution with the privileges of the application service.
|
|||||
| CVE-2024-50623 | 1 Cleo | 3 Harmony, Lexicom, Vltrader | 2025-11-05 | N/A | 9.8 CRITICAL |
|
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.
|
|||||
| CVE-2025-2749 | 1 Kentico | 1 Xperience | 2025-11-04 | N/A | 7.2 HIGH |
|
An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code execution.This issue affects Kentico Xperience through 13.0.178.
|
|||||
| CVE-2025-0520 | 2025-11-04 | N/A | N/A | ||
|
An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7.
|
|||||
| CVE-2024-13986 | 1 Nagios | 1 Nagios Xi | 2025-11-04 | N/A | 8.8 HIGH |
|
Nagios XI < 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an arbitrary file upload and a path traversal in the Core Config Snapshots interface. The issue arises from insufficient validation of file paths and extensions during MIB upload and snapshot rename operations. Exploitation results in the placement of attacker-controlled PHP files in a web-accessible directory, executed as the www-data user.
|
|||||
| CVE-2023-49715 | 1 Wwbn | 1 Avideo | 2025-11-04 | N/A | 4.3 MEDIUM |
|
A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send a series of HTTP requests to trigger this vulnerability.
|
|||||
| CVE-2024-3705 | 1 Opengnsys | 1 Opengnsys | 2025-11-04 | N/A | 8.8 HIGH |
|
Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/M_Icons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell injection.
|
|||||
| CVE-2024-32002 | 1 Git | 1 Git | 2025-11-04 | N/A | 9.0 CRITICAL |
|
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in ...
Show More |
|||||
| CVE-2024-57968 | 1 Advantive | 1 Veracore | 2025-11-04 | N/A | 9.9 CRITICAL |
|
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.
|
|||||
| CVE-2025-11499 | 2025-11-04 | N/A | 9.8 CRITICAL | ||
|
The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_featured_image_from_external_url() function in all versions up to, and including, 1.1.32. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible in configurations where unauthenticated users have been provided ...
Show More |
|||||
| CVE-2025-48396 | 2025-11-04 | N/A | 8.3 HIGH | ||
|
Arbitrary code execution is possible due to improper validation of the file upload functionality in Eaton BLSS. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004).
|
|||||
| CVE-2025-11755 | 2025-11-04 | N/A | 8.8 HIGH | ||
|
The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file uploads when importing recipes via CSV in all versions up to, and including, 1.9.0. This flaw allows an attacker with at least Contributor-level permissions to upload a malicious PHP file by providing a remote URL during a recipe import process, leading to Remote Code Execution (RCE).
|
|||||
| CVE-2025-12171 | 2025-11-04 | N/A | 8.8 HIGH | ||
|
The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ingest_image() function in versions 1.1.0 to 1.5.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This requires the attacker have access to a defined third-party server as specified in the settings, so it is unlikely th ...
Show More |
|||||
| CVE-2025-12682 | 2025-11-04 | N/A | 9.8 CRITICAL | ||
|
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'file_during_checkout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload arbitrary JavaScript files on the affected site's server which may make remote code execution possible.
|
|||||
| CVE-2025-11724 | 2025-11-04 | N/A | 8.8 HIGH | ||
|
The EM Beer Manager plugin for WordPress is vulnerable to arbitrary file upload leading to remote code execution in all versions up to, and including, 3.2.3. This is due to missing file type validation in the EMBM_Admin_Untappd_Import_image() function and missing authorization checks on the wp_ajax_embm-untappd-import action. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files including PHP files and execute code on the server gra ...
Show More |
|||||
| CVE-2021-40524 | 1 Pureftpd | 1 Pure-ftpd | 2025-11-04 | 5.0 MEDIUM | 7.5 HIGH |
|
In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.)
|
|||||
| CVE-2024-47946 | 2025-11-03 | N/A | 7.2 HIGH | ||
|
If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. After the upload, the PHP script is available in the web root. The PHP code executes once the uploaded file is accessed. This allows the execution of arbitrary PHP code and OS commands on the device as "www-data".
|
|||||
| CVE-2025-26411 | 2025-11-03 | N/A | 8.8 HIGH | ||
|
An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the Wattsense web interface to be able to conduct this attack. This issue is fixed in recent firmware versions BSP >= 6.1.0.
|
|||||
| CVE-2024-44220 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 5.5 MEDIUM |
|
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. Parsing a maliciously crafted video file may lead to unexpected system termination.
|
|||||
| CVE-2025-54769 | 1 Xorux | 1 Lpar2rrd | 2025-11-03 | N/A | 8.8 HIGH |
|
An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker.
|
|||||
| CVE-2025-27683 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | N/A | 8.8 HIGH |
|
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Driver Unrestricted Upload of File with Dangerous Type V-2022-006.
|
|||||
| CVE-2024-22641 | 1 Tcpdf Project | 1 Tcpdf | 2025-11-03 | N/A | 7.5 HIGH |
|
TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG file.
|
|||||
| CVE-2024-13723 | 2025-11-03 | N/A | 7.2 HIGH | ||
|
The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP.
|
|||||
| CVE-2025-64095 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-11-03 | N/A | 10.0 CRITICAL |
|
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the default HTML editor provider allows unauthenticated file uploads and images can overwrite existing files. An unauthenticated user can upload and replace existing files allowing defacing a website and combined with other issue, injection XSS payloads. This vulnerability is fixed in 10.1.1.
|
|||||
| CVE-2025-62802 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-11-03 | N/A | 4.3 MEDIUM |
|
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 10.1.1, the out-of-box experience for HTML editing allows unauthenticated users to upload files. This opens a potential vector to other security issues and is not needed on most implementations. This vulnerability is fixed in 10.1.1.
|
|||||
| CVE-2020-13671 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2025-11-03 | 6.5 MEDIUM | 8.8 HIGH |
|
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to 9.0.8, 8.9 versions prior to 8.9.9, 8.8 versions prior to 8.8.11, and 7 versions prior to 7.74.
|
|||||
| CVE-2025-12301 | 1 Fabian | 1 Simple Food Ordering System | 2025-11-03 | 7.5 HIGH | 7.3 HIGH |
|
A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /editproduct.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2025-12378 | 1 Fabian | 1 Simple Food Ordering System | 2025-11-03 | 7.5 HIGH | 7.3 HIGH |
|
A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addproduct.php. Performing manipulation of the argument photo results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
|
|||||
| CVE-2025-11318 | 1 Tipray | 1 Data Leakage Prevention System | 2025-11-03 | 7.5 HIGH | 7.3 HIGH |
|
A security flaw has been discovered in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This vulnerability affects unknown code of the file uploadWxFile.do. The manipulation of the argument File results in unrestricted upload. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||