Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
20 results
A vulnerability has been found in osuuu LightPicture 1.2.2 and classified as critical. This vulnerability affects the function upload of the file /app/controller/Api.php. The manipulation of the argum
An arbitrary file upload vulnerability in the parserXML() method of JeeWMS before v2025.01.01 allows attackers to execute arbitrary code via uploading a crafted file.
A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Perfor
A vulnerability classified as problematic was found in Guizhou Xiaoma Technology jpress 5.1.2. Affected by this vulnerability is an unknown functionality of the file /commons/attachment/upload of the
A vulnerability was found in Nanjing Xingyuantu Technology SparkShop up to 1.1.6. It has been rated as critical. This issue affects some unknown processing of the file /api/Common/uploadFile. The mani
Sourcecodester Web-based Pharmacy Product Management System v.1.0 has a file upload vulnerability. An attacker can upload a PHP file disguised as an image by modifying the Content-Type header to image
A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_update_customer_order.php. The mani
A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogu_picture/src/main/j
A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been classified as critical. This affects an unknown part of the file app/Core/Http/Controllers/Profile/ImagesController.php of the compone
A vulnerability was detected in SourceCodester Modern Image Gallery App 1.0. Affected by this vulnerability is an unknown functionality of the file upload.php. The manipulation of the argument filenam
CVE-2025-34040
CRITICAL CVSS 10.0
Find Similar
An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploa
A vulnerability has been found in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manipu
CVE-2021-47819
CRITICAL CVSS 9.3
Find Similar
ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP scr
A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0. This issue affects the function upload of the file src/main/java/com/wdd/myblog/controller/admin/uploadControll
An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVE-2023-26686
CRITICAL CVSS 9.8
Find Similar
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop.
An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.
A vulnerability has been found in Technologies Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /SetWebpagePic.jsp. The manipulation of the argum
CVE-2025-34100
CRITICAL CVSS 9.3
Find Similar
An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin. The plugin fails to properly
CVE-2024-51366
CRITICAL CVSS 9.8
Find Similar
An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file.
← Previous Page 5