Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
CVE-2026-6057
CRITICAL CVSS 9.8
Find Similar
FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution.
CVE-2025-53120
CRITICAL CVSS 9.4
Find Similar
A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server’s configuration and web root directories, achieving remote
The upload endpoint insufficiently validates the 'Upload-Key' request header. By supplying path traversal sequences, an authenticated attacker can cause the server to create upload-related artifacts o
An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Remote unauthenticated attackers can upload files at an arbitrary path.
Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted
CVE-2026-7411
CRITICAL CVSS 10.0
Find Similar
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal atta
Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by manipulating the folder parameter. Attackers can send GET request
A path traversal vulnerability exists in Linknat VOS Manager versions prior to 2.1.9.07, including VOS2009 and early VOS3000 builds, that allows unauthenticated remote attackers to read arbitrary file
A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMultiAP of the component HTT
CVE-2014-125126
CRITICAL CVSS 9.2
Find Similar
An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3
CVE-2025-34040
CRITICAL CVSS 10.0
Find Similar
An arbitrary file upload vulnerability exists in the Zhiyuan OA platform via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploa
A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. This affects an unknown part of the file /admin-api/infra/file/upload of the component Backend File U
A Path traversal vulnerability in the file download functionality was identified. This vulnerability allows unauthenticated users to download arbitrary files, in the context of the application server,
A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function handleFileUpload of the file api/src/modules/files/files.routes.ts. The manipulatio
A vulnerability has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff and classified as critical. This vulnerability affects the function fileUpload of the file FileUplo
CVE-2013-10034
CRITICAL CVSS 9.3
Find Similar
An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The uploadImage.asp endpoint allows unauthenticated users to upload files to arbitrary paths via a crafted
An unauthenticated unrestricted file upload vulnerability allows an attacker to upload malicious binaries and scripts to the server.
A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. This affects an unknown part of the file WebIMController.java of the component File Upload. The manipulati
A vulnerability, which was classified as critical, has been found in code-projects Document Management System 1.0. This issue affects some unknown processing of the file /insert.php. The manipulation
A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615/4.0.0-B20230531.1404. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the
Page 1+ Next →