Total
2929 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2671 | 2025-03-24 | 6.3 Medium | ||
| A vulnerability was found in Yue Lao Blind Box 月老盲盒 up to 4.0. It has been declared as critical. This vulnerability affects the function base64image of the file /app/controller/Upload.php. The manipulation of the argument data leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2607 | 2025-03-24 | 6.3 Medium | ||
| A vulnerability was found in phplaozhang LzCMS-LaoZhangBoKeXiTong up to 1.1.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/upload/upimage.html of the component HTTP POST Request Handler. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-29405 | 2025-03-24 | 6.3 Medium | ||
| An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5.* allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2024-54525 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-03-24 | 8.8 High |
| A logic issue was addressed with improved file handling. This issue is fixed in visionOS 2.2, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. Restoring a maliciously crafted backup file may lead to modification of protected system files. | ||||
| CVE-2025-2702 | 2025-03-24 | 6.3 Medium | ||
| A vulnerability, which was classified as critical, has been found in Softwin WMX3 3.1. This issue affects the function ImageAdd of the file /ImageAdd.ashx. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-24646 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2025-03-21 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component /fos/admin/ajax.php of Food Ordering System v2.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2023-0255 | 1 Shortpixel | 1 Enable Media Replace | 2025-03-21 | 8.8 High |
| The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites. | ||||
| CVE-2021-34639 | 1 W3eden | 1 Download Manager | 2025-03-21 | 7.5 High |
| Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions. | ||||
| CVE-2023-23851 | 1 Sap | 1 Business Planning And Consolidation | 2025-03-21 | 5.4 Medium |
| SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. If other users visit the uploaded malicious web page, the attacker may perform actions on behalf of the users without their consent impacting the confidentiality and integrity of the system. | ||||
| CVE-2023-24530 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2025-03-20 | 8.4 High |
| SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, attacker can perform operations that may completely compromise the application causing high impact on confidentiality, integrity and availability of the application. | ||||
| CVE-2024-8019 | 2025-03-20 | N/A | ||
| In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the `LightningApp` when running on a Windows host. The vulnerability occurs at the `/api/v1/upload_file/` endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to potential remote code execution (RCE) by overwriting critical files or placing malicious files in sensitive locations. | ||||
| CVE-2024-10901 | 2025-03-20 | N/A | ||
| In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/chart/run` allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim's file system. This can potentially lead to Remote Code Execution (RCE) by writing malicious files such as `__init__.py` in the Python's `/site-packages/` directory. | ||||
| CVE-2024-8060 | 2025-03-20 | N/A | ||
| OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint `/audio/api/v1/transcriptions` that allows for arbitrary file upload. The application performs insufficient validation on the `file.content_type` and allows user-controlled filenames, leading to a path traversal vulnerability. This can be exploited by an authenticated user to overwrite critical files within the Docker container, potentially leading to remote code execution as the root user. | ||||
| CVE-2024-9920 | 2025-03-20 | N/A | ||
| In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more. Attackers can exploit this by uploading files with malicious content and then using the '/open_file' API endpoint to execute these files. The vulnerability arises from the use of 'subprocess.Popen' to open files without proper validation, leading to potential remote code execution. | ||||
| CVE-2024-8958 | 2025-03-20 | N/A | ||
| In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution. | ||||
| CVE-2023-47873 | 1 Wensolutions | 1 Wp Child Theme Generator | 2025-03-19 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator.This issue affects WP Child Theme Generator: from n/a through 1.0.9. | ||||
| CVE-2023-47846 | 1 Terryl | 1 Wp Githuber Md | 2025-03-19 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Terry Lin WP Githuber MD.This issue affects WP Githuber MD: from n/a through 1.16.2. | ||||
| CVE-2024-41913 | 1 Hp | 2 Poly Clariti Manager, Poly Clariti Manager Firmware | 2025-03-19 | 8.8 High |
| A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize User input. | ||||
| CVE-2023-38388 | 1 Artbees | 1 Jupiter X Core | 2025-03-19 | 9 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Artbees JupiterX Core.This issue affects JupiterX Core: from n/a through 3.3.5. | ||||
| CVE-2024-45644 | 1 Ibm | 1 Security Qradar Edr | 2025-03-19 | 4.7 Medium |
| IBM Security ReaQta 3.12 allows a privileged user to upload or transfer files of dangerous types that can be automatically processed within the product's environment. | ||||