Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2025-65474
CRITICAL CVSS 9.8
Find Similar
An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a SVG format.
CVE-2025-65473
CRITICAL CVSS 9.1
Find Similar
An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a cra
An arbitrary file upload vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via uploading a crafted PHP file.
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads
CVE-2020-36847
CRITICAL CVSS 9.8
Find Similar
The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a pn
Joomla! Component Easy Shop 1.2.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by supplying base64-encoded file paths. Attackers can send
An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary co
An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file.
A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been classified as critical. Affected is an unknown function of the file /upload-photo.php. The manipulation of the argument
CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file uploads. Attackers
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Company Website 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save. The ma
CVE-2023-43958
CRITICAL CVSS 9.8
Find Similar
An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server
e107 CMS version 3.2.1 contains a critical file upload vulnerability that allows authenticated administrators to override arbitrary server files through path traversal. The vulnerability exists in the
An arbitrary file upload vulnerability in the component /controller/PicManager.php of FoxCMS v1.2.6 allows attackers to execute arbitrary code via uploading a crafted template file.
A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument File
A vulnerability, which was classified as problematic, has been found in code-projects Hostel Management System 1.0. This issue affects some unknown processing of the file /admin/registration.php. The
An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file.
A vulnerability was found in SourceCodester Image Compressor Tool 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /image-compressor/compressor.php. The ma
CVE-2025-52921
CRITICAL CVSS 9.9
Find Similar
In Innoshop through 0.4.1, an authenticated attacker could exploit the File Manager functions in the admin panel to achieve code execution on the server, by uploading a crafted file and then renaming
A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument _order leads to sql injection. The att
Page 1+ Next →