Export limit exceeded: 351407 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4041 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-7210 | 1 Fabian | 1 Library Management System | 2025-10-23 | 6.3 Medium |
| A vulnerability was found in code-projects/Fabian Ros Library Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/profile_update.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6161 | 1 Fabian | 1 Simple Food Ordering System | 2025-10-23 | 7.3 High |
| A vulnerability, which was classified as critical, was found in SourceCodester Simple Food Ordering System 1.0. Affected is an unknown function of the file /editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-57668 | 1 Fabian | 1 Shopping Portal | 2025-10-23 | 8.8 High |
| In Code-projects Shopping Portal v1.0, the insert-product.php page has an arbitrary file upload vulnerability. | ||||
| CVE-2025-0335 | 1 Fabian | 1 Online Bike Rental System | 2025-10-23 | 6.3 Medium |
| A vulnerability was found in code-projects Online Bike Rental System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component Change Image Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well. | ||||
| CVE-2025-7477 | 2 Code-projects, Fabian | 2 Simple Car Rental System, Simple Car Rental System | 2025-10-23 | 4.7 Medium |
| A vulnerability, which was classified as critical, has been found in code-projects Simple Car Rental System 1.0. This issue affects some unknown processing of the file /admin/add_cars.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-1561 | 1 Fabian | 1 Simple Online Hotel Reservation System | 2025-10-23 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in code-projects Simple Online Hotel Reservation System 1.0. Affected is an unknown function of the file add_room.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. VDB-223554 is the identifier assigned to this vulnerability. | ||||
| CVE-2025-8859 | 2 Code-projects, Fabian | 2 Eblog Site, Eblog Site | 2025-10-23 | 6.3 Medium |
| A vulnerability was identified in code-projects eBlog Site 1.0. Affected by this vulnerability is an unknown functionality of the file /native/admin/save-slider.php of the component File Upload Module. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-61181 | 1 Daicuo | 1 Daicuo | 2025-10-23 | 6.5 Medium |
| daicuocms V1.3.13 contains an arbitrary file upload vulnerability in the image upload feature. | ||||
| CVE-2018-15961 | 1 Adobe | 1 Coldfusion | 2025-10-23 | 9.8 Critical |
| Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2024-57408 | 1 Beian.miit | 1 Cool-admin-java | 2025-10-22 | 7.2 High |
| An arbitrary file upload vulnerability in the component /comm/upload of cool-admin-java v1.0 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2025-35055 | 1 Newforma | 2 Project Center, Project Center Server | 2025-10-22 | 8.8 High |
| Newforma Info Exchange (NIX) '/UserWeb/Common/UploadBlueimp.ashx' allows an authenticated attacker to upload an arbitrary file to any location writable by the NIX application. An attacker can upload and run a web shell or other content executable by the web server. An attacker can also delete directories. In Newforma before 2023.1, anonymous access is enabled by default (CVE-2025-35062), allowing an otherwise unauthenticated attacker to effectively authenticate as 'anonymous' and exploit this file upload vulnerability. | ||||
| CVE-2025-4648 | 1 Centreon | 1 Centreon Web | 2025-10-22 | 8.4 High |
| The content of a SVG file, received as input in Centreon web, was not properly checked. Allows Reflected XSS. A user with elevated privileges can inject JS script by altering the content of a SVG media, during the submit request. This issue affects web: from 24.10.0 before 24.10.5, from 24.04.0 before 24.04.11, from 23.10.0 before 23.10.22, from 23.04.0 before 23.04.27, from 22.10.0 before 22.10.29. | ||||
| CVE-2024-7987 | 1 Rockwellautomation | 1 Thinmanager Thinserver | 2025-10-21 | 7.8 High |
| A remote code execution vulnerability exists in the Rockwell Automation ThinManager® ThinServer™ that allows a threat actor to execute arbitrary code with System privileges. To exploit this vulnerability and a threat actor must abuse the ThinServer™ service by creating a junction and use it to upload arbitrary files. | ||||
| CVE-2025-2494 | 1 Sytel | 1 Softdial Contact Center | 2025-10-21 | 9.8 Critical |
| Unrestricted file upload to Softdial Contact Center of Sytel Ltd. This vulnerability could allow an attacker to upload files to the server via the ‘/softdial/phpconsole/upload.php’ endpoint, which is protected by basic HTTP authentication. The files are uploaded to a directory exposed by the web application, which could result in code execution, giving the attacker full control over the server. | ||||
| CVE-2025-0402 | 1 1902756969 | 1 Reggie | 2025-10-21 | 6.3 Medium |
| A vulnerability classified as critical was found in 1902756969 reggie 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-11660 | 2 Oranbyte, Projectsandprograms | 2 School Management System, School Management System | 2025-10-20 | 7.3 High |
| A vulnerability has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this issue is some unknown functionality of the file /assets/uploadSllyabus.php. Such manipulation of the argument File leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. | ||||
| CVE-2025-11659 | 2 Oranbyte, Projectsandprograms | 2 School Management System, School Management System | 2025-10-20 | 7.3 High |
| A flaw has been found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected by this vulnerability is an unknown functionality of the file /assets/uploadNotes.php. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. | ||||
| CVE-2025-11658 | 2 Oranbyte, Projectsandprograms | 2 School Management System, School Management System | 2025-10-20 | 7.3 High |
| A vulnerability was detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. Affected is an unknown function of the file /assets/changeSllyabus.php. The manipulation of the argument File results in unrestricted upload. The attack may be launched remotely. The exploit is now public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. | ||||
| CVE-2025-11656 | 2 Oranbyte, Projectsandprograms | 2 School Management System, School Management System | 2025-10-20 | 7.3 High |
| A weakness has been identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown function of the file /assets/editNotes.php. Executing manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | ||||
| CVE-2025-11657 | 2 Oranbyte, Projectsandprograms | 2 School Management System, School Management System | 2025-10-20 | 7.3 High |
| A security vulnerability has been detected in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This impacts an unknown function of the file /assets/createNotice.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. | ||||