Total
3790 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1555 | 1 Hzmanyun | 1 Education And Training System | 2026-01-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. This vulnerability affects the function saveImage. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-68001 | 2026-01-28 | N/A | 9.8 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in garidium g-FFL Checkout g-ffl-checkout allows Upload a Web Shell to a Web Server.This issue affects g-FFL Checkout: from n/a through <= 2.1.0. | |||||
| CVE-2025-67968 | 2026-01-28 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in InspiryThemes Real Homes CRM realhomes-crm allows Using Malicious Files.This issue affects Real Homes CRM: from n/a through <= 1.0.0. | |||||
| CVE-2025-68986 | 2026-01-28 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Miion miion allows Upload a Web Shell to a Web Server.This issue affects Miion: from n/a through <= 1.2.7. | |||||
| CVE-2025-68910 | 2026-01-28 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogzee blogzee allows Using Malicious Files.This issue affects Blogzee: from n/a through <= 1.0.5. | |||||
| CVE-2025-68909 | 2026-01-28 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogistic blogistic allows Using Malicious Files.This issue affects Blogistic: from n/a through <= 1.0.5. | |||||
| CVE-2026-1423 | 1 Fabian | 1 Online Examination System | 2026-01-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /admin_pic.php. Executing a manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-1424 | 1 Phpgurukul | 1 News Portal | 2026-01-27 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-69312 | 2026-01-27 | N/A | 9.1 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Upload a Web Shell to a Web Server.This issue affects Xpro Elementor Addons: from n/a through <= 1.4.19.1. | |||||
| CVE-2025-52691 | 1 Smartertools | 1 Smartermail | 2026-01-27 | N/A | 10.0 CRITICAL |
| Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution. | |||||
| CVE-2025-62050 | 2026-01-27 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogmatic blogmatic.This issue affects Blogmatic: from n/a through <= 1.0.3. | |||||
| CVE-2026-24815 | 2026-01-27 | N/A | N/A | ||
| Unrestricted Upload of File with Dangerous Type, Deserialization of Untrusted Data vulnerability in datavane tis (tis-plugin/src/main/java/com/qlangtech/tis/extension/impl modules). This vulnerability is associated with program files XmlFile.Java. This issue affects tis: before v4.3.0. | |||||
| CVE-2026-1445 | 2026-01-27 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A vulnerability was found in iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c. This vulnerability affects unknown code of the file controllers/books_center/upload_bookCover.php. Performing a manipulation of the argument book_cover results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. | |||||
| CVE-2025-62056 | 2026-01-27 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes News Event news-event.This issue affects News Event: from n/a through <= 1.0.1. | |||||
| CVE-2025-50002 | 2026-01-26 | N/A | 9.8 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Farost Energia energia allows Upload a Web Shell to a Web Server.This issue affects Energia: from n/a through <= 1.1.2. | |||||
| CVE-2025-33015 | 1 Ibm | 1 Concert | 2026-01-26 | N/A | 8.8 HIGH |
| IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. | |||||
| CVE-2012-10064 | 2026-01-26 | N/A | N/A | ||
| Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions, enabling an attacker to place attacker-controlled files under the plugin's uploads directory. This can lead to remote code execution if a server-executable file type is uploaded and subsequently accessed. | |||||
| CVE-2026-1152 | 2026-01-26 | 5.8 MEDIUM | 4.7 MEDIUM | ||
| A security vulnerability has been detected in technical-laohu mpay up to 1.2.4. The impacted element is an unknown function of the component QR Code Image Handler. Such manipulation of the argument codeimg leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-1107 | 2026-01-26 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check_userinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-1061 | 2026-01-26 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload. The attack may be performed from remote. The exploit is now public and may be used. | |||||