Total
3867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-1306 | 2026-02-18 | N/A | 9.8 CRITICAL | ||
|
The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible granted the attacker can obtain a valid nonce. The nonce is exposed in frontend JavaScript making it trivially accessible to unauthenticated ...
Show More |
|||||
| CVE-2026-2550 | 2026-02-18 | 10.0 HIGH | 9.8 CRITICAL | ||
|
A vulnerability was found in EFM iptime A6004MX 14.18.2. Affected is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi. The manipulation results in unrestricted upload. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-6115 | 1 Clive 21 | 1 Simple Online Hotel Reservation System | 2026-02-18 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file add_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268867.
|
|||||
| CVE-2024-6116 | 1 Clive 21 | 1 Simple Online Hotel Reservation System | 2026-02-18 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability, which was classified as critical, has been found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file edit_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268868.
|
|||||
| CVE-2024-7694 | 1 Teamt5 | 1 Threatsonar Anti-ransomware | 2026-02-18 | N/A | 7.2 HIGH |
|
ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server.
|
|||||
| CVE-2026-1331 | 1 Hamastar | 1 Meetinghub Paperless Meetings | 2026-02-17 | N/A | 9.8 CRITICAL |
|
MeetingHub developed by HAMASTAR Technology has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
|
|||||
| CVE-2026-2146 | 1 Guchengwuyue | 1 Yshopmall | 2026-02-17 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
|
|||||
| CVE-2023-33498 | 1 Alistgo | 1 Alist | 2026-02-13 | N/A | 8.8 HIGH |
|
alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file.
|
|||||
| CVE-2022-45968 | 1 Alistgo | 1 Alist | 2026-02-13 | N/A | 8.8 HIGH |
|
Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one).
|
|||||
| CVE-2026-2097 | 1 Flowring | 1 Agentflow | 2026-02-13 | N/A | 8.8 HIGH |
|
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
|
|||||
| CVE-2025-14014 | 2026-02-13 | N/A | 9.8 CRITICAL | ||
|
Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. Smart Panel allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Smart Panel: before 20251215.
|
|||||
| CVE-2026-1458 | 1 Gitlab | 1 Gitlab | 2026-02-12 | N/A | 6.5 MEDIUM |
|
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an unauthenticated user to cause denial of service by uploading malicious files.
|
|||||
| CVE-2020-37113 | 1 Gunet | 1 Open Eclass Platform | 2026-02-12 | N/A | 8.8 HIGH |
|
GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature.
|
|||||
| CVE-2025-69618 | 1 Coto.world | 1 Coto | 2026-02-11 | N/A | 6.5 MEDIUM |
|
An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code execution or exposure of sensitive information.
|
|||||
| CVE-2025-61506 | 1 Mediacrush | 1 Mediacrush | 2026-02-11 | N/A | 9.8 CRITICAL |
|
An issue was discovered in MediaCrush thru 1.0.1 allowing remote unauthenticated attackers to upload arbitrary files of any size to the /upload endpoint.
|
|||||
| CVE-2025-65875 | 1 Fpdf | 1 Fpdf | 2026-02-11 | N/A | 8.8 HIGH |
|
An arbitrary file upload vulnerability in the AddFont() function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.
|
|||||
| CVE-2025-69906 | 1 Monstra | 1 Monstra Cms | 2026-02-11 | N/A | 8.8 HIGH |
|
Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to upload files that are interpreted as executable code, resulting in remote code execution.
|
|||||
| CVE-2025-69981 | 1 Frangoteam | 1 Fuxa | 2026-02-11 | N/A | 9.8 CRITICAL |
|
FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the `/api/upload` API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files (such as the SQLite user database) to gain administrative access, or to upload malicious scripts to execute arbitrary code.
|
|||||
| CVE-2025-70849 | 1 Stefanprodan | 1 Podinfo | 2026-02-11 | N/A | 6.1 MEDIUM |
|
Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequate Content-Type validation, leading to Stored Cross-Site Scripting (XSS).
|
|||||
| CVE-2026-1357 | 2026-02-11 | N/A | 9.8 CRITICAL | ||
|
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when writing uploaded files. When the plugin fails to decrypt a session key using openssl_private_decrypt(), it does not terminate execution and instead passes the boolean false value to the phpseclib library's A ...
Show More |
|||||
| CVE-2026-25510 | 1 Ci4-cms-erp | 1 Ci4ms | 2026-02-10 | N/A | 9.9 CRITICAL |
|
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, an authenticated user with file editor permissions can achieve Remote Code Execution (RCE) by leveraging the file creation and save endpoints, an attacker can upload and execute arbitrary PHP code on the server. This issue has been patched in version 0.28.5.0.
|
|||||
| CVE-2026-24673 | 1 Gunet | 1 Open Eclass Platform | 2026-02-10 | N/A | 4.3 MEDIUM |
|
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a file upload validation bypass vulnerability allows attackers to upload files with prohibited extensions by embedding them inside ZIP archives and extracting them using the application’s built-in decompression functionality. This issue has been patched in version 4.2.
|
|||||
| CVE-2020-37090 | 1 Arox | 1 School Erp Pro | 2026-02-10 | N/A | 9.8 CRITICAL |
|
School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through the message attachment feature, enabling remote code execution on the server.
|
|||||
| CVE-2020-37084 | 1 Arox | 1 School Erp Pro | 2026-02-10 | N/A | 7.2 HIGH |
|
School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the server.
|
|||||
| CVE-2026-25923 | 2026-02-10 | N/A | N/A | ||
|
my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file (disguised as JPEG) via the image upload feature, trigger Phar deserialization through BBCode [img] tag processing, and exploit Smarty 4.1.0 POP chain to achieve arbitrary file deletion. This vulnerability is fixed in 20260208.1.
|
|||||
| CVE-2026-2213 | 1 Fabian | 1 Online Music Site | 2026-02-10 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A security flaw has been discovered in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminAddAlbum.php. The manipulation of the argument txtimage results in unrestricted upload. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2020-36942 | 1 Victor Cms Project | 1 Victor Cms | 2026-02-10 | N/A | 8.8 HIGH |
|
Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands by accessing the uploaded file via web browser.
|
|||||
| CVE-2020-37073 | 1 Victor Cms Project | 1 Victor Cms | 2026-02-10 | N/A | 8.8 HIGH |
|
Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user_image parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file with a 'cmd' parameter.
|
|||||
| CVE-2026-2133 | 1 Fabian | 1 Online Music Site | 2026-02-10 | 7.5 HIGH | 7.3 HIGH |
|
A weakness has been identified in code-projects Online Music Site 1.0. Impacted is an unknown function of the file /Administrator/PHP/AdminUpdateCategory.php. This manipulation of the argument txtimage causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
|
|||||
| CVE-2025-10465 | 2026-02-09 | N/A | 8.8 HIGH | ||
|
Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server.This issue affects Sensaway: through 09022026.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2026-24897 | 1 Erugo | 1 Erugo | 2026-02-09 | N/A | 10.0 CRITICAL |
|
Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient validation of user‑supplied paths when creating shares.
By specifying a writable path within the public web root, an attacker can upload and execute arbitrary code on the server, resulting in remote code execution (RCE). This vulnerability allows a low-privileged user to fully compromise the affected Er ...
Show More |
|||||
| CVE-2021-47783 | 1 Phpwcms | 1 Phpwcms | 2026-02-09 | N/A | 5.4 MEDIUM |
|
Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform.
|
|||||
| CVE-2025-68398 | 1 Weblate | 1 Weblate | 2026-02-06 | N/A | 9.1 CRITICAL |
|
Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.
|
|||||
| CVE-2026-1152 | 1 Technical-laohu | 1 Mpay | 2026-02-06 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument codeimg leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2022-40924 | 1 Phpgurukul | 1 Zoo Management System | 2026-02-06 | N/A | 7.2 HIGH |
|
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system.
|
|||||
| CVE-2024-32256 | 1 Phpgurukul | 1 Tourism Management System | 2026-02-06 | N/A | 8.1 HIGH |
|
Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. When updating a current package, there are no checks for what types of files are uploaded from the image.
|
|||||
| CVE-2026-25056 | 1 N8n | 1 N8n | 2026-02-05 | N/A | 8.8 HIGH |
|
n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or modify workflows to write arbitrary files to the n8n server's filesystem potentially leading to remote code execution. This issue has been patched in versions 1.118.0 and 2.4.0.
|
|||||
| CVE-2025-65783 | 1 Hubert | 1 Hub | 2026-02-05 | N/A | 9.8 CRITICAL |
|
An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.
|
|||||
| CVE-2025-57794 | 1 Explorance | 1 Blue | 2026-02-05 | N/A | 9.1 CRITICAL |
|
Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. The application does not adequately restrict uploaded file types, allowing malicious files to be uploaded and executed by the server. This condition enables remote code execution under default configurations.
|
|||||
| CVE-2025-57795 | 1 Explorance | 1 Blue | 2026-02-05 | N/A | 9.9 CRITICAL |
|
Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, this flaw can be leveraged to achieve remote code execution.
|
|||||