Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The Contact Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the contact form upload feature in all versions up to, and including, 8.6.4. Thi
CVE-2024-42777
CRITICAL CVSS 9.8
Find Similar
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a craft
CVE-2013-10066
CRITICAL CVSS 10.0
Find Similar
An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint (users_add.php) that allows attackers to upload files to the /userpi
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save_menu of the file /admin/admin_class_novo.php of the component File Extension Handler. Performing
The Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'uploa
The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 2.5.3. This makes it possible for authenticated attackers with c
The Checkout Field Manager (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to unauthenticated limited file upload in all versions up to, and including, 7.8.1. This is due to the
The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07. This ma
CVE-2025-52921
CRITICAL CVSS 9.9
Find Similar
In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution on the server, by uploading a crafted file and then renaming
A flaw has been found in code-projects Online Product Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /handgunner-administrator/prod.php. Executing a man
CVE-2026-5482
CRITICAL CVSS 9.3
Find Similar
Responsive FileManager's allows an unauthenticated attacker to upload files of any type and extension without restriction using dialog.php endpoint, leading to Remote Code Execution.  This project is
CVE-2024-46088
CRITICAL CVSS 9.8
Find Similar
An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary
A vulnerability was found in DedeBIZ 6.3.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/file_manage_control.php of the component File Extensio
A vulnerability classified as problematic has been found in SourceCodester Zipped Folder Manager App 1.0. This affects an unknown part of the file /endpoint/add-folder.php. The manipulation of the arg
e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the
A vulnerability has been found in shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. This issue affects the function addPost of the file Application/Admin/Controller/FileManageController.cla
In Code-projects Shopping Portal v1.0, the insert-product.php page has an arbitrary file upload vulnerability.
A vulnerability, which was classified as critical, has been found in SourceCodester Petshop Management System 1.0. This issue affects some unknown processing of the file /controllers/add_client.php. T
The File Manager Advanced Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 (file-manager-advanced-shortcode) and 2.5.6 (advanced-file-ma
CVE-2023-43958
CRITICAL CVSS 9.8
Find Similar
An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server