Total
3800 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6466 | 1 Ageerle | 1 Ruoyi-ai | 2025-08-26 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in ageerle ruoyi-ai 2.0.0 and classified as critical. Affected by this issue is the function speechToTextTranscriptionsV2/upload of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/service/impl/SseServiceImpl.java. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1 is able to address this issue. The patch is identified as 4e93ac86d4891c59ecfcd27c051de9b3c5379315. It is recommended to upgrade the affected component. | |||||
| CVE-2025-53119 | 2025-08-25 | N/A | 7.5 HIGH | ||
| An unauthenticated unrestricted file upload vulnerability allows an attacker to upload malicious binaries and scripts to the server. | |||||
| CVE-2025-7864 | 1 Jeesite | 1 Jeesite | 2025-08-25 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been classified as critical. This affects the function Upload of the file src/main/java/com/jeesite/modules/file/web/FileUploadController.java. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 3585737d21fe490ff6948d913fcbd8d99c41fc08. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2025-49222 | 1 Mattermost | 1 Mattermost Server | 2025-08-25 | N/A | 6.8 MEDIUM |
| Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2, 10.10.x <= 10.10.0 fail to validate upload types in remote cluster upload sessions which allows a system admin to upload non-attachment file types via shared channels that could potentially be placed in arbitrary filesystem directories. | |||||
| CVE-2025-55743 | 1 Webkul | 1 Unopim | 2025-08-22 | N/A | 8.8 HIGH |
| UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, the image upload at the user creation feature performs only client side file type validation. A user can capture the request by uploading an image, capture the request through a Proxy like Burp suite. Make changes to the file extension and content. The vulnerability is fixed in 0.2.1. | |||||
| CVE-2024-13144 | 1 Zhenfeng13 | 1 My-blog | 2025-08-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in zhenfeng13 My-Blog 1.0. Affected is the function uploadFileByEditomd of the file src/main/java/com/site/blog/my/core/controller/admin/BlogController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13145 | 1 Zhenfeng13 | 1 My-blog | 2025-08-22 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/site/blog/my/core/controller/admin/uploadController. java. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13210 | 1 Donglight | 1 Bookstore | 2025-08-22 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in donglight bookstore电商书城系统说明 1.0. It has been declared as critical. Affected by this vulnerability is the function uploadPicture of the file src/main/java/org/zdd/bookstore/web/controller/admin/AdminBookController. java. The manipulation of the argument pictureFile leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-53251 | 2025-08-22 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in An-Themes Pin WP allows Upload a Web Shell to a Web Server.This issue affects Pin WP: from n/a before 7.2. | |||||
| CVE-2025-55383 | 2025-08-22 | N/A | 8.6 HIGH | ||
| Moss before v0.15 has a file upload vulnerability. The "upload" function configuration allows attackers to upload files of any extension to any location on the target server. | |||||
| CVE-2025-54460 | 2025-08-22 | N/A | 7.1 HIGH | ||
| The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to create or access publication targets of type Text File or HDFS) to upload and persist files that could potentially be executed. | |||||
| CVE-2025-27714 | 2025-08-22 | N/A | 6.3 MEDIUM | ||
| An attacker could exploit this vulnerability by uploading arbitrary files via the a specific endpoint, leading to unauthorized remote code execution or system compromise. | |||||
| CVE-2025-24489 | 2025-08-22 | N/A | 6.3 MEDIUM | ||
| An attacker could exploit this vulnerability by uploading arbitrary files via a specific service, which could lead to system compromise. | |||||
| CVE-2024-13201 | 1 Wander-chu | 1 Springboot-blog | 2025-08-22 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. This vulnerability affects the function upload of the file src/main/java/com/my/blog/website/controller/admin/AttachtController.java of the component Admin Attachment Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9153 | 1 Mayurik | 1 Online Tour \& Travel Management System | 2025-08-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in itsourcecode Online Tour and Travel Management System 1.0. This vulnerability affects unknown code of the file /admin/operations/travellers.php. The manipulation of the argument photo results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used. | |||||
| CVE-2024-13022 | 1 Taisan | 1 Tarzan-cms | 2025-08-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in taisan tarzan-cms 1.0.0. This affects the function UploadResponse of the file src/main/java/com/tarzan/cms/modules/admin/controller/common/UploadController.java of the component Article Management. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-3736 | 1 Cym1102 | 1 Nginxwebui | 2025-08-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /adminPage/main/upload. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260575. | |||||
| CVE-2025-51489 | 1 Moonshine | 1 Moonshine | 2025-08-21 | N/A | 5.4 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened. | |||||
| CVE-2025-53213 | 2025-08-20 | N/A | 9.9 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ReachShip WooCommerce Multi-Carrier & Conditional Shipping allows Using Malicious Files. This issue affects ReachShip WooCommerce Multi-Carrier & Conditional Shipping: from n/a through 4.3.1. | |||||
| CVE-2025-48148 | 2025-08-20 | N/A | 10.0 CRITICAL | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Using Malicious Files. This issue affects StoreKeeper for WooCommerce: from n/a through 14.4.4. | |||||