Total
3657 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-8080 | 1 Atlassian | 1 Hipchat Server | 2025-04-20 | N/A |
| Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads. | ||||
| CVE-2017-7695 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | N/A |
| Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code. | ||||
| CVE-2017-1000119 | 1 Octobercms | 1 October | 2025-04-20 | N/A |
| October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server. | ||||
| CVE-2017-6027 | 1 Codesys | 1 Web Server | 2025-04-20 | N/A |
| An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualization software, are affected: CODESYS Web Server Versions 2.3 and prior. A specially crafted web server request may allow the upload of arbitrary files (with a dangerous type) to the CODESYS Web Server without authorization which may allow remote code execution. | ||||
| CVE-2020-22539 | 1 Codologic | 1 Codoforum | 2025-04-18 | 7.2 High |
| An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-32161 | 1 Jizhicms | 1 Jizhicms | 2025-04-18 | 9.8 Critical |
| jizhiCMS 2.5 suffers from a File upload vulnerability. | ||||
| CVE-2024-31351 | 1 Copymatic | 1 Copymatic | 2025-04-18 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.6. | ||||
| CVE-2024-48202 | 1 Thecosy | 1 Icecms | 2025-04-18 | 9.8 Critical |
| icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploadFile. | ||||
| CVE-2023-50692 | 1 Jizhicms | 1 Jizhicms | 2025-04-17 | 8.8 High |
| File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to execute arbitrary code via a crafted file uploaded and downloaded to the download_url parameter in the app/admin/exts/ directory. | ||||
| CVE-2024-2599 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-17 | 9.9 Critical |
| File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure. | ||||
| CVE-2025-31339 | 2025-04-17 | N/A | ||
| An unrestricted upload of file with dangerous type vulnerability in the course management function of Wisdom Master Pro versions 5.0 through 5.2 allows remote authenticated users to craft a malicious file. | ||||
| CVE-2025-27282 | 2025-04-17 | 9.9 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in rockgod100 Theme File Duplicator allows Using Malicious Files. This issue affects Theme File Duplicator: from n/a through 1.3. | ||||
| CVE-2025-32682 | 2025-04-17 | 9.9 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG Lite allows Upload a Web Shell to a Web Server. This issue affects MapSVG Lite: from n/a through 8.5.34. | ||||
| CVE-2025-32652 | 2025-04-17 | 9.9 Critical | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in solacewp Solace Extra allows Using Malicious Files. This issue affects Solace Extra: from n/a through 1.3.1. | ||||
| CVE-2023-51421 | 1 Soft8soft | 1 Verge3d | 2025-04-17 | 9.9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2. | ||||
| CVE-2023-52044 | 1 Std42 | 1 Elfinder | 2025-04-17 | 9.8 Critical |
| Studio-42 eLfinder 2.1.62 is vulnerable to Remote Code Execution (RCE) as there is no restriction for uploading files with the .php8 extension. | ||||
| CVE-2022-46135 | 1 Aerocms Project | 1 Aerocms | 2025-04-17 | 7.2 High |
| In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server. | ||||
| CVE-2022-46839 | 1 Wiselyhub | 1 Js Help Desk | 2025-04-17 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. | ||||
| CVE-2023-42248 | 1 Seling | 1 Visual Access Manager | 2025-04-17 | 6.5 Medium |
| An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vam_Sql.php". | ||||
| CVE-2022-46020 | 1 Wbce | 1 Wbce Cms | 2025-04-17 | 9.8 Critical |
| WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. | ||||