Export limit exceeded: 341116 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4035 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12500 | 2 Quadlayers, Wordpress | 2 Checkout Field Manager (checkout Manager) For Woocommerce, Wordpress | 2026-02-19 | 5.3 Medium |
| The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to unauthenticated limited file upload in all versions up to, and including, 7.8.1. This is due to the plugin not properly verifying that a user is authorized to perform file upload actions via the "ajax_checkout_attachment_upload" function. This makes it possible for unauthenticated attackers to upload files to the server, though file types are limited to WordPress's default allowed MIME types (images, documents, etc.). | ||||
| CVE-2026-1405 | 2 Franchidesign, Wordpress | 2 Slider Future, Wordpress | 2026-02-19 | 9.8 Critical |
| The Slider Future plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'slider_future_handle_image_upload' function in all versions up to, and including, 1.0.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2026-1306 | 2 Adminkov, Wordpress | 2 Midi-synth, Wordpress | 2026-02-18 | 9.8 Critical |
| The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the 'export' AJAX action in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible granted the attacker can obtain a valid nonce. The nonce is exposed in frontend JavaScript making it trivially accessible to unauthenticated attackers. | ||||
| CVE-2024-25846 | 1 Myprestamodules | 2 Product Catalog \(csv\, Excel\) Import, Simpleimportproduct | 2026-02-18 | 9.1 Critical |
| In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php. | ||||
| CVE-2024-6116 | 1 Clive 21 | 1 Simple Online Hotel Reservation System | 2026-02-18 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file edit_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268868. | ||||
| CVE-2024-6115 | 1 Clive 21 | 1 Simple Online Hotel Reservation System | 2026-02-18 | 7.3 High |
| A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file add_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268867. | ||||
| CVE-2025-69565 | 2 Code-projects, Fabian | 2 Mobile Shop Management System, Mobile Shop Management System | 2026-02-18 | 9.8 Critical |
| code-projects Mobile Shop Management System 1.0 is vulnerable to File Upload in /ExAddProduct.php. | ||||
| CVE-2024-7694 | 1 Teamt5 | 1 Threatsonar Anti-ransomware | 2026-02-18 | 7.2 High |
| ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server. | ||||
| CVE-2025-41347 | 2 Iest, Informatica Del Este | 2 Winplus, Winplus | 2026-02-18 | 9.8 Critical |
| Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'. | ||||
| CVE-2026-1331 | 1 Hamastar | 2 Meetinghub, Meetinghub Paperless Meetings | 2026-02-17 | 9.8 Critical |
| MeetingHub developed by HAMASTAR Technology has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. | ||||
| CVE-2026-23686 | 1 Sap | 2 Netweaver Application Server Java, Sap Netweaver Application Server Java | 2026-02-17 | 3.4 Low |
| Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated configuration, allowing manipulation of application-controlled settings. Successful exploitation leads to a low impact on integrity, while confidentiality and availability remain unaffected. | ||||
| CVE-2025-14014 | 1 Ntn Information Processing Services Computer Software Hardware Industry And Trade Ltd. Co. | 1 Smart Panel | 2026-02-13 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. Smart Panel allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Smart Panel: before 20251215. | ||||
| CVE-2023-33498 | 1 Alistgo | 1 Alist | 2026-02-13 | 8.8 High |
| alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file. | ||||
| CVE-2022-45968 | 1 Alistgo | 1 Alist | 2026-02-13 | 8.8 High |
| Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one). | ||||
| CVE-2026-2097 | 1 Flowring | 1 Agentflow | 2026-02-13 | 8.8 High |
| Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. | ||||
| CVE-2026-0958 | 1 Gitlab | 1 Gitlab | 2026-02-13 | 7.5 High |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middleware limits. | ||||
| CVE-2026-1458 | 1 Gitlab | 1 Gitlab | 2026-02-12 | 6.5 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an unauthenticated user to cause denial of service by uploading malicious files. | ||||
| CVE-2020-37113 | 2 Gunet, Openeclass | 2 Open Eclass Platform, Openeclass | 2026-02-12 | 8.8 High |
| GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature. | ||||
| CVE-2026-1357 | 2 Wordpress, Wpvividplugins | 2 Wordpress, Migration Backup Staging Wpvivd Backup And Migration | 2026-02-11 | 9.8 Critical |
| The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper error handling in the RSA decryption process combined with a lack of path sanitization when writing uploaded files. When the plugin fails to decrypt a session key using openssl_private_decrypt(), it does not terminate execution and instead passes the boolean false value to the phpseclib library's AES cipher initialization. The library treats this false value as a string of null bytes, allowing an attacker to encrypt a malicious payload using a predictable null-byte key. Additionally, the plugin accepts filenames from the decrypted payload without sanitization, enabling directory traversal to escape the protected backup directory. This makes it possible for unauthenticated attackers to upload arbitrary PHP files to publicly accessible directories and achieve Remote Code Execution via the wpvivid_action=send_to_site parameter. | ||||
| CVE-2025-61506 | 1 Mediacrush | 1 Mediacrush | 2026-02-11 | 9.8 Critical |
| An issue was discovered in MediaCrush thru 1.0.1 allowing remote unauthenticated attackers to upload arbitrary files of any size to the /upload endpoint. | ||||