Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
20 results
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authentica
CVE-2025-65783
CRITICAL CVSS 9.8
Find Similar
An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows attackers to execute arbitrary code via uploading a crafted PDF
Cross site scripting (XSS) vulnerability in Ultimate PHP Board 2.2.7 via the u_name parameter in lostpassword.php.
CVE-2022-50993
CRITICAL CVSS 9.3
Find Similar
Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload maliciou
A vulnerability was found in Yue Lao Blind Box 月老盲盒 up to 4.0. It has been declared as critical. This vulnerability affects the function base64image of the file /app/controller/Upload.php. The manipul
CVE-2024-46088
CRITICAL CVSS 9.8
Find Similar
An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary
Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "File Name" page (/cgi/uset.cgi?-cfilename) in t
A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Content.php?f=service.
A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted uploa
CVE-2022-38946
CRITICAL CVSS 9.8
Find Similar
Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary code.
The WP01 plugin for WordPress is vulnerable to Arbitrary File Download in all versions up to, and including, 2.6.2 due to a missing capability check and insufficient restrictions on the make_archive()
A vulnerability, which was classified as critical, was found in code-projects Staff Audit System 1.0. Affected is an unknown function of the file /test.php. The manipulation of the argument uploadedfi
The Easy Digital Downloads – Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, and
Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/Users.php?f=save. This vulnerability allows attackers to execute
Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File Listing function.
An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file.
Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.
A vulnerability, which was classified as critical, has been found in llisoft MTA Maita Training System 4.5. This issue affects the function this.fileService.download of the file com\llisoft\controller
ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can ac
← Previous Page 5