Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an
CVE-2012-10036
CRITICAL CVSS 9.3
Find Similar
Project Pier 0.8.8 and earlier contains an unauthenticated arbitrary file upload vulnerability in tools/upload_file.php. The upload handler fails to validate the file type or enforce authentication, a
A vulnerability has been found in hs-web hsweb-framework up to 5.0.1. The affected element is the function denied of the file hsweb-system/hsweb-system-file/src/main/java/org/hswebframework/web/file/F
Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the file download functionality.
An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into chat group.
CVE-2012-10045
CRITICAL CVSS 9.3
Find Similar
XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which f
CVE-2025-26892
CRITICAL CVSS 9.9
Find Similar
Unrestricted Upload of File with Dangerous Type vulnerability in dkszone Celestial Aura allows Using Malicious Files.This issue affects Celestial Aura: from n/a through 2.2.
Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with sy
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal File Entity (fieldable files) allows Cross-Site Scripting (XSS).This issue affects File Ent
CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codexshaper Advanced Element Bucket Addons for Elementor cs-element-bucket allows Stored XSS.This
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in Emlog Pro 2.5.19. The vulnerability exists due to insufficient validation of SVG file uploads in the /admin/media.php component
A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to info
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Ma
After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected
The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through
CVE-2023-53950
CRITICAL CVSS 9.3
Find Similar
InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malic
The MsUpload extension for MediaWiki is vulnerable to stored XSS via the msu-continue system message, which is inserted into the DOM without proper sanitization. The vulnerability occurs in the file u
file-type detects the file type of a file, stream, or data. Prior to 21.3.1, a denial of service vulnerability exists in the ASF (WMV/WMA) file type detection parser. When parsing a crafted input wher
CVE-2025-69403
CRITICAL CVSS 9.9
Find Similar
Unrestricted Upload of File with Dangerous Type vulnerability in Bravis-Themes Bravis Addons bravis-addons allows Using Malicious Files.This issue affects Bravis Addons: from n/a through <= 1.3.0.