Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
20 results
CVE-2025-65783
CRITICAL CVSS 9.8
Find Similar
An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows attackers to execute arbitrary code via uploading a crafted PDF
An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file.
A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This issue affects the function move_uploaded_file of the file /AssignmentSection/submi
An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file.
There is an unrestricted file upload vulnerability where it is possible for an authenticated user (low privileged) to upload an jsp shell and execute code with the privileges of user running the web s
code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information and use web sh
An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file.
A vulnerability, which was classified as critical, was found in code-projects College Management System 1.0. This affects an unknown part of the file /Admin/student.php. The manipulation of the argume
Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability. An attacker can upload a PHP file disguised as an image by modifying the Content-Type header to image
CVE-2025-34046
CRITICAL CVSS 10.0
Find Similar
An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly vali
Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictio
CVE-2022-38946
CRITICAL CVSS 9.8
Find Similar
Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary code.
Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with sy
A vulnerability, which was classified as critical, was found in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/student.php. The manipulation of the argumen
A vulnerability was found in code-projects Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/candidates_add.php. The manipulation of
CVE-2026-53787
CRITICAL CVSS 9.3
Find Similar
Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's
CVE-2024-8940
CRITICAL CVSS 9.8
Find Similar
Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST reque
CVE-2016-20052
CRITICAL CVSS 9.3
Find Similar
Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can u
A security vulnerability has been detected in campcodes School File Management System 1.0. The affected element is an unknown function of the file /save_file.php. The manipulation of the argument File
CVE-2024-40125
CRITICAL CVSS 9.8
Find Similar
An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the up
← Previous Page 5