Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
A vulnerability was found in YiJiuSmile kkFileViewOfficeEdit up to 5fbc57c48e8fe6c1b91e0e7995e2d59615f37abd. It has been classified as critical. This affects the function deleteFile of the file /delet
The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack
CVE-2026-29859
CRITICAL CVSS 9.8
Find Similar
An arbitrary file upload vulnerability in aaPanel v7.57.0 allows attackers to execute arbitrary code via uploading a crafted file.
A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument File
CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable
An arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbit
The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to t
Attacker controlled files can be uploaded to arbitrary locations on the web server's filesystem by abusing a path traversal vulnerability.
An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.
An authenticated local file inclusion vulnerability exists in Microweber CMS versions <= 1.2.11 through misuse of the backup management API. Authenticated users can abuse the /api/BackupV2/upload and
Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions.
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary co
Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests t
CVE-2013-10047
CRITICAL CVSS 9.3
Find Similar
An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the u
A vulnerability, which was classified as critical, has been found in ashinigit 天青一白 XueShengZhuSu 学生住宿管理系统 up to 4d3f0ada0e71482c1e51fd5f5615e5a3d8bcbfbb. This issue affects some unknown processing of
A Path traversal vulnerability in the file download functionality was identified. This vulnerability allows unauthenticated users to download arbitrary files, in the context of the application server,
A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the function Upload of the file application/lib/file/LocalUploader.php of the component File Upload Handler.
An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file.
Improper isolation of users in M-Files Server version before 25.3.14549 allows anonymous user to affect other anonymous users views and possibly cause a denial of service
A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Affected is the function readFile of the file /dev-api/cms/file/read. The manipulation of the argument fileP