Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4037 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-37113 | 2 Gunet, Openeclass | 2 Open Eclass Platform, Openeclass | 2026-02-12 | 8.8 High |
| GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature. | ||||
| CVE-2025-61506 | 1 Mediacrush | 1 Mediacrush | 2026-02-11 | 9.8 Critical |
| An issue was discovered in MediaCrush thru 1.0.1 allowing remote unauthenticated attackers to upload arbitrary files of any size to the /upload endpoint. | ||||
| CVE-2025-65875 | 2 Fpdf, Setasign | 2 Fpdf, Fpdf | 2026-02-11 | 8.8 High |
| An arbitrary file upload vulnerability in the AddFont() function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2025-69906 | 1 Monstra | 1 Monstra Cms | 2026-02-11 | 8.8 High |
| Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in a web-accessible directory. Under typical server configurations, this can allow an attacker to upload files that are interpreted as executable code, resulting in remote code execution. | ||||
| CVE-2025-69981 | 1 Frangoteam | 1 Fuxa | 2026-02-11 | 7.5 High |
| FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the `/api/upload` API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critical system files (such as the SQLite user database) to gain administrative access, or to upload malicious scripts to execute arbitrary code. | ||||
| CVE-2025-70849 | 1 Stefanprodan | 1 Podinfo | 2026-02-11 | 6.1 Medium |
| Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without a restrictive Content-Security-Policy (CSP) or adequate Content-Type validation, leading to Stored Cross-Site Scripting (XSS). | ||||
| CVE-2020-36942 | 2 Victor Cms Project, Victoralagwu | 2 Victor Cms, Cmssite | 2026-02-10 | 8.8 High |
| Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands by accessing the uploaded file via web browser. | ||||
| CVE-2020-37073 | 2 Victor Cms Project, Victoralagwu | 2 Victor Cms, Cmssite | 2026-02-10 | 8.8 High |
| Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user_image parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file with a 'cmd' parameter. | ||||
| CVE-2025-66802 | 2 Covid-19 Contact Tracing System Project, Sourcecodester | 2 Covid-19 Contact Tracing System, Covid-19 Contact Tracing System | 2026-02-09 | 9.8 Critical |
| Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RCE (Remote Code Execution). The application receives a reverse shell (php) into imagem of the user enabling RCE. | ||||
| CVE-2025-68398 | 1 Weblate | 1 Weblate | 2026-02-06 | 9.1 Critical |
| Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue. | ||||
| CVE-2022-40924 | 1 Phpgurukul | 1 Zoo Management System | 2026-02-06 | 7.2 High |
| Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system. | ||||
| CVE-2024-32256 | 1 Phpgurukul | 1 Tourism Management System | 2026-02-06 | 8.1 High |
| Phpgurukul Tourism Management System v2.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via /tms/admin/change-image.php. When updating a current package, there are no checks for what types of files are uploaded from the image. | ||||
| CVE-2025-65783 | 1 Hubert | 1 Hub | 2026-02-05 | 9.8 Critical |
| An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows attackers to execute arbitrary code via uploading a crafted PDF file. | ||||
| CVE-2025-57794 | 1 Explorance | 1 Blue | 2026-02-05 | 9.1 Critical |
| Explorance Blue versions prior to 8.14.9 contain an authenticated unrestricted file upload vulnerability in the administrative interface. The application does not adequately restrict uploaded file types, allowing malicious files to be uploaded and executed by the server. This condition enables remote code execution under default configurations. | ||||
| CVE-2025-57795 | 1 Explorance | 1 Blue | 2026-02-05 | 9.9 Critical |
| Explorance Blue versions prior to 8.14.13 contain an authenticated remote file download vulnerability in a web service component. In default configurations, this flaw can be leveraged to achieve remote code execution. | ||||
| CVE-2020-35945 | 1 Elegantthemes | 3 Divi, Divi Builder, Extra | 2026-02-04 | 9.9 Critical |
| An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side. | ||||
| CVE-2025-48782 | 1 Scshr | 1 Hr Portal | 2026-02-04 | 9.8 Critical |
| An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file. | ||||
| CVE-2025-69559 | 2 Carmelo, Code-projects | 2 Computer Book Store, Computer Book Store | 2026-02-03 | 9.8 Critical |
| code-projects Computer Book Store 1.0 is vulnerable to File Upload in admin_add.php. | ||||
| CVE-2024-5911 | 2 Palo Alto Networks, Paloaltonetworks | 2 Pan-os, Pan-os | 2026-01-30 | 4.9 Medium |
| An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which requires manual intervention to bring the Panorama back online. | ||||
| CVE-2025-8889 | 2 Eliehanna, Wordpress | 3 Compress And Upload Plugin, Compress And Upload Plugin, Wordpress | 2026-01-30 | 3.8 Low |
| The Compress & Upload WordPress plugin before 1.0.5 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup) | ||||