Total
3052 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-46373 | 1 Dedecms | 1 Dedecms | 2025-03-31 | N/A | 8.8 HIGH |
| Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend. | |||||
| CVE-2025-29411 | 1 Martmbithi | 1 Ibanking | 2025-03-28 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2024-3863 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-03-28 | N/A | 9.8 CRITICAL |
| The executable file warning was not presented when downloading .xrm-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. | |||||
| CVE-2022-48008 | 1 Limesurvey | 1 Limesurvey | 2025-03-28 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-48006 | 1 Taogogo | 1 Taocms | 2025-03-28 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php. | |||||
| CVE-2024-27747 | 1 Mayurik | 1 Petrol Pump Management | 2025-03-28 | N/A | 9.8 CRITICAL |
| File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component. | |||||
| CVE-2024-24146 | 1 Libming | 1 Libming | 2025-03-27 | N/A | 6.5 MEDIUM |
| A memory leak issue discovered in parseSWF_DEFINEBUTTON in libming v0.4.8 allows attackers to cause s denial of service via a crafted SWF file. | |||||
| CVE-2022-47854 | 1 I-librarian | 1 I-librarian | 2025-03-27 | N/A | 9.8 CRITICAL |
| i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplement.php. | |||||
| CVE-2025-2705 | 2025-03-27 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability classified as critical has been found in Digiwin ERP 5.1. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2749 | 2025-03-27 | N/A | 7.2 HIGH | ||
| An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code execution.This issue affects Kentico Xperience through 13.0.178. | |||||
| CVE-2025-2748 | 2025-03-27 | N/A | 6.5 MEDIUM | ||
| The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178. | |||||
| CVE-2025-2706 | 2025-03-27 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical was found in Digiwin ERP 5.0.1. Affected by this vulnerability is an unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2819 | 2025-03-27 | N/A | 6.6 MEDIUM | ||
| There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user. | |||||
| CVE-2022-47769 | 1 Serinf | 1 Fast Checkin | 2025-03-27 | N/A | 9.8 CRITICAL |
| An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell. | |||||
| CVE-2024-25832 | 1 F-logic | 1 Datacube3 | 2025-03-27 | N/A | 8.8 HIGH |
| F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension. | |||||
| CVE-2023-24610 | 1 Nosh Chartingsystem Project | 1 Nosh Chartingsystem | 2025-03-27 | N/A | 8.8 HIGH |
| NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting. | |||||
| CVE-2023-23135 | 1 Ftdms Project | 1 Ftdms | 2025-03-27 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file. | |||||
| CVE-2023-0587 | 1 Trendmicro | 1 Apex One | 2025-03-27 | N/A | 9.1 CRITICAL |
| A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed. | |||||
| CVE-2022-48079 | 1 Mengnai | 1 Aapanel Host System | 2025-03-27 | N/A | 9.8 CRITICAL |
| Monnai aaPanel host system v1.5 contains an access control issue which allows attackers to escalate privileges and execute arbitrary code via uploading a crafted PHP file to the virtual host directory of the system. | |||||
| CVE-2022-46604 | 1 Tecrail | 1 Responsive Filemanager | 2025-03-27 | N/A | 8.8 HIGH |
| An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution. | |||||