Export limit exceeded: 356047 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4212 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4276 | 1 House Rental System Project | 1 House Rental System | 2025-04-15 | 6.3 Medium |
| A vulnerability was found in House Rental System and classified as critical. Affected by this issue is some unknown functionality of the file tenant-engine.php of the component POST Request Handler. The manipulation of the argument id_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214772. | ||||
| CVE-2022-45896 | 1 Planetestream | 1 Planet Estream | 2025-04-14 | 9.8 Critical |
| Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Upload2.ashx can be used, or Ajax.asmx/ProcessUpload2. This leads to remote code execution. | ||||
| CVE-2022-4506 | 1 Open-emr | 1 Openemr | 2025-04-14 | 8.8 High |
| Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
| CVE-2024-56975 | 1 Invoiceplane | 1 Invoiceplane | 2025-04-14 | 9.8 Critical |
| InvoicePlane (all versions tested as of December 2024) v.1.6.11 and before contains a remote code execution vulnerability in the upload_file method of the Upload controller. | ||||
| CVE-2022-2647 | 1 Jeecg | 1 Jeecg Boot | 2025-04-14 | 7.3 High |
| A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205594 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-54918 | 1 Lopalopa | 1 E-learning Management System | 2025-04-14 | 9.8 Critical |
| Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php. | ||||
| CVE-2022-45427 | 1 Dahuasecurity | 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more | 2025-04-14 | 7.2 High |
| Some Dahua software products have a vulnerability of unrestricted upload of file. After obtaining the permissions of administrators, by sending a specific crafted packet to the vulnerable interface, an attacker can upload arbitrary files. | ||||
| CVE-2016-9268 | 1 Dotclear | 1 Dotclear | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in the Blog appearance in the "Install or upgrade manually" module in Dotclear through 2.10.4 allows remote authenticated super-administrators to execute arbitrary code by uploading a theme file with an zip extension, and then accessing it via unspecified vectors. | ||||
| CVE-2015-0702 | 1 Cisco | 1 Unified Meetingplace | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712. | ||||
| CVE-2016-9187 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | ||||
| CVE-2015-1000013 | 1 Csv2wpec-coupon Project | 1 Csv2wpec-coupon | 2025-04-12 | N/A |
| Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1 | ||||
| CVE-2016-7095 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution. | ||||
| CVE-2016-9186 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | ||||
| CVE-2016-7902 | 1 Dotclear | 1 Dotclear | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated by .php.txt or .php%20. | ||||
| CVE-2015-1000001 | 1 Fast-image-adder Project | 1 Fast-image-adder | 2025-04-12 | N/A |
| Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin | ||||
| CVE-2015-5157 | 2 Linux, Redhat | 9 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 6 more | 2025-04-12 | N/A |
| arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI. | ||||
| CVE-2015-4524 | 1 Emc | 5 Documentum Administrator, Documentum Digital Asset Manager, Documentum Taskspace and 2 more | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server. | ||||
| CVE-2015-3290 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window. | ||||
| CVE-2015-1000000 | 1 Mailcwp Project | 1 Mailcwp | 2025-04-12 | N/A |
| Remote file upload vulnerability in mailcwp v1.99 wordpress plugin | ||||
| CVE-2016-2914 | 1 Ibm | 1 Engineering Lifecycle Optimization - Publishing | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to execute arbitrary code by specifying an unexpected file extension. | ||||