Skip to main content

File Upload

4032 CVEs technique

Monthly

CVE-2024-57968 CRITICAL POC KEV THREAT Act Now

Advantive VeraCore warehouse management system allows authenticated users to upload files to unintended directories, enabling web shell deployment through the upload.aspx endpoint.

File Upload Veracore
NVD
CVSS 3.1
9.9
EPSS
44.2%
CVE-2024-57450 CRITICAL POC Act Now

ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Chestnutcms
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-24891 CRITICAL This Week

Dumb Drop is a file upload application. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Path Traversal
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2024-12267 MEDIUM PATCH This Month

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to limited arbitrary file deletion due to insufficient file path validation in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

File Upload WordPress PHP Drag And Drop Multiple File Upload Contact Form 7
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-13504 HIGH This Month

The Shared Files - Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dfxp File uploads in all versions up to, and including, 1.7.42. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress Apache XSS
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2025-24505 HIGH This Month

This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file. Rated high severity (CVSS 8.8). No vendor patch available.

File Upload
NVD
CVSS 4.0
8.8
EPSS
0.5%
CVE-2024-55417 PHP MEDIUM POC THREAT This Month

DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 24.7%.

RCE File Upload Voyager
NVD GitHub
CVSS 3.1
4.3
EPSS
24.7%
CVE-2025-23213 HIGH POC PATCH This Week

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload XSS Recipes
NVD GitHub
CVSS 3.1
8.7
EPSS
0.3%
CVE-2024-13448 CRITICAL This Week

The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload WordPress Addons
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2025-0722 MEDIUM POC This Month

A vulnerability classified as critical was found in needyamin image_gallery 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass PHP Image Gallery Management System
NVD VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-0357 CRITICAL This Week

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload WordPress Wpbookit PHP
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2024-57277 MEDIUM This Month

InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-24650 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a Web Shell to a Web Server.15.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-0702 MEDIUM This Month

A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java Bootplus
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-45077 MEDIUM This Month

IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM PHP LFI Microsoft File Upload +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-40693 HIGH This Month

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Planning Analytics
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2024-25034 HIGH This Month

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Planning Analytics
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2025-23953 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Innovative Solutions user files allows Upload a Web Shell to a Web Server.4.2. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2025-23942 CRITICAL Emergency

Unrestricted Upload of File with Dangerous Type vulnerability in NgocCode WP Load Gallery allows Upload a Web Shell to a Web Server.1.6. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 44.7% and no vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
44.7%
CVE-2025-23921 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Multi Uploader for Gravity Forms allows Upload a Web Shell to a Web Server.1.3. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.0
EPSS
0.3%
CVE-2025-23918 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Smallerik File Browser allows Upload a Web Shell to a Web Server.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2024-13091 CRITICAL This Week

The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

RCE File Upload WordPress Wpot
NVD
CVSS 3.1
9.8
EPSS
10.2%
CVE-2025-24018 PHP HIGH POC PATCH This Month

YesWiki is a wiki system written in PHP. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload XSS Yeswiki
NVD GitHub
CVSS 3.1
7.6
EPSS
0.2%
CVE-2025-22723 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Upload a Web Shell to a Web Server.6.7. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-51919 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Fancy Product Designer.4.3. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload
NVD
CVSS 3.1
9.0
EPSS
0.7%
CVE-2025-0582 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Farm Management System up to 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass PHP Tailoring Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-13333 HIGH PATCH This Month

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 13.9%.

RCE File Upload WordPress Advanced File Manager
NVD
CVSS 3.1
7.5
EPSS
13.9%
CVE-2024-40513 MEDIUM Monitor

An issue in themesebrand Chatvia v.5.3.2 allows a remote attacker to execute arbitrary code via the User profile Upload image function. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Chatvia
NVD GitHub
CVSS 3.1
4.6
EPSS
1.3%
CVE-2025-0473 MEDIUM This Month

Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Pmb
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-0471 CRITICAL This Week

Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Pmb
NVD
CVSS 3.1
9.9
EPSS
0.2%
CVE-2024-13355 MEDIUM This Month

The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the upload_file(). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload WordPress XSS
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2024-12427 MEDIUM PATCH This Month

The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

File Upload Authentication Bypass WordPress Multi Step Form
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-41454 MEDIUM This Month

An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload RCE Docker
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2025-22782 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Web Ready Now WR Price List Manager For Woocommerce allows Upload a Web Shell to a Web Server.0.8. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress
NVD
CVSS 3.1
9.9
EPSS
0.3%
CVE-2024-57761 HIGH POC This Week

An arbitrary file upload vulnerability in the parserXML() method of JeeWMS before v2025.01.01 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Jeewms
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2024-48760 CRITICAL POC THREAT Emergency

An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

RCE File Upload Gestioip
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
12.5%
CVE-2024-13171 HIGH This Month

Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.3% and no vendor patch available.

RCE File Upload Ivanti Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
30.3%
CVE-2025-0463 MEDIUM This Month

A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass PHP Lingdang Crm
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-0460 MEDIUM This Month

A vulnerability, which was classified as critical, was found in Blog Botz for Journal Theme 1.0 on OpenCart. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Authentication Bypass PHP
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.2%
CVE-2025-0394 HIGH This Month

The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner - Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload WordPress PHP
NVD
CVSS 3.1
8.8
EPSS
9.1%
CVE-2025-0057 MEDIUM Monitor

SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to stored cross site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload SAP Java XSS
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2023-42248 MEDIUM This Month

An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Visual Access Manager
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-46479 CRITICAL This Week

Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Supravizio Bpm
NVD GitHub
CVSS 3.1
9.9
EPSS
4.5%
CVE-2024-57487 MEDIUM POC THREAT This Month

In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions and execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 45.1% and no vendor patch available.

RCE File Upload Code Injection PHP Online Car Rental System
NVD GitHub
CVSS 3.1
6.5
EPSS
45.1%
Threat
4.2
CVE-2025-0402 MEDIUM This Month

A vulnerability classified as critical was found in 1902756969 reggie 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java Reggie
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0399 MEDIUM This Month

A vulnerability was found in StarSea99 starsea-mall 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java Starsea Mall
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-42180 LOW Monitor

HCL MyXalytics is affected by a malicious file upload vulnerability. Rated low severity (CVSS 1.6). No vendor patch available.

File Upload Dryice Myxalytics
NVD
CVSS 3.1
1.6
EPSS
0.2%
CVE-2024-50807 MEDIUM This Month

Trippo Responsive Filemanager 9.14.0 is vulnerable to Cross Site Scripting (XSS) via file upload using the svg and pdf extensions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-46210 HIGH This Month

An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Redaxo
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-22504 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms allows Upload a Web Shell to a Web Server.2.18. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2025-0346 MEDIUM POC This Month

A vulnerability was found in code-projects Content Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass PHP Content Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-0341 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in CampCodes Computer Laboratory Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Computer Laboratory Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-43662 MEDIUM This Month

The <redacted>.exe or <redacted>.exe CGI binary can be used to upload arbitrary files to /tmp/upload/ or /tmp/ respectively as any user, although the user interface for uploading files is only shown. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0335 MEDIUM POC This Month

A vulnerability was found in code-projects Online Bike Rental System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Online Bike Rental System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13212 MEDIUM This Month

A vulnerability classified as critical has been found in SingMR HouseRent 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java Houserent
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13210 MEDIUM POC This Month

A vulnerability was found in donglight bookstore电商书城系统说明 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java Bookstore
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-13201 MEDIUM POC This Month

A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java Springboot Blog
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-13191 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java Myblog
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-12854 HIGH This Month

The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.1% and no vendor patch available.

RCE File Upload WordPress
NVD
CVSS 3.1
8.8
EPSS
15.1%
CVE-2024-12853 HIGH This Month

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.4% and no vendor patch available.

RCE File Upload WordPress Modula Image Gallery
NVD
CVSS 3.1
8.8
EPSS
12.4%
CVE-2024-9939 HIGH PATCH This Week

The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP File Upload WordPress Path Traversal
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2024-11635 CRITICAL Act Now

The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.2% and no vendor patch available.

RCE File Upload Code Injection WordPress
NVD
CVSS 3.1
9.8
EPSS
19.2%
CVE-2024-8002 MEDIUM This Month

A vulnerability has been found in VIWIS LMS 9.11 and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload XSS
NVD VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-11613 CRITICAL PATCH Act Now

The WordPress File Upload plugin through version 4.24.15 contains critical vulnerabilities in wfu_file_downloader.php enabling remote code execution, arbitrary file read, and arbitrary file deletion. The lack of proper sanitization on the source parameter combined with user-defined directory paths allows unauthenticated attackers to fully compromise the server.

PHP RCE Code Injection WordPress File Upload
NVD
CVSS 3.1
9.8
EPSS
66.1%
CVE-2025-22132 HIGH POC PATCH This Week

WeGIA is a web manager for charitable institutions. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload XSS Wegia
NVD GitHub
CVSS 3.1
8.3
EPSS
0.5%
CVE-2022-41573 CRITICAL POC Act Now

An issue was discovered in Ovidentia 8.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP
NVD GitHub
CVSS 3.1
9.8
EPSS
10.0%
CVE-2024-50660 CRITICAL Act Now

File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Code Injection Adportal
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2025-21624 CRITICAL POC PATCH THREAT Act Now

ClipBucket V5 provides open source video hosting with PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.9%.

File Upload PHP Clipbucket
NVD GitHub
CVSS 3.1
9.8
EPSS
24.9%
CVE-2024-53345 HIGH This Week

An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload
NVD GitHub
CVSS 3.1
8.8
EPSS
6.8%
CVE-2024-43243 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGlow JobBoard Job listing allows Upload a Web Shell to a Web Server.2.6. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.9%
CVE-2024-12719 MEDIUM PATCH Monitor

The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wfu_ajax_action_read_subfolders' function in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

File Upload Authentication Bypass WordPress Path Traversal Wordpress File Upload
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-56828 CRITICAL POC Act Now

File Upload vulnerability in ChestnutCMS through 1.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Chestnutcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-21604 MEDIUM This Month

LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Langchain AI / ML
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2024-13145 MEDIUM POC This Month

A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java My Blog
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13144 MEDIUM POC This Month

A vulnerability classified as critical has been found in zhenfeng13 My-Blog 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java My Blog
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13141 MEDIUM POC This Month

A vulnerability classified as problematic was found in osuuu LightPicture up to 1.2.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Lightpicture
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13138 MEDIUM POC This Month

A vulnerability was found in wangl1989 mysiteforme 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java Mysiteforme
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2024-13134 MEDIUM This Month

A vulnerability, which was classified as critical, was found in ZeroWdd studentmanager 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java Studentmanager
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2024-13133 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in ZeroWdd studentmanager 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java Studentmanager
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-0213 MEDIUM POC This Month

A vulnerability was found in Campcodes Project Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass PHP Project Management System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-22389 HIGH This Month

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Optimizely Cms
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2024-55078 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /adminUser/updateImg of WukongCRM-11.0-JAVA v11.3.3 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Java
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-56264 MEDIUM This Month

Unrestricted Upload of File with Dangerous Type vulnerability in Beee ACF City Selector allows Upload a Web Shell to a Web Server.14.0. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.8% and no vendor patch available.

File Upload
NVD
CVSS 3.1
6.6
EPSS
12.8%
CVE-2024-56249 CRITICAL Emergency

Unrestricted Upload of File with Dangerous Type vulnerability in Webdeclic WPMasterToolKit allows Upload a Web Shell to a Web Server.13.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 41.6% and no vendor patch available.

File Upload
NVD
CVSS 3.1
9.1
EPSS
41.6%
CVE-2024-56829 CRITICAL This Week

Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD GitHub
CVSS 3.1
10.0
EPSS
0.1%
CVE-2024-56064 CRITICAL Emergency

Unrestricted file upload in azzaroco's WP SuperBackup WordPress plugin (versions through 2.3.3) enables remote unauthenticated attackers to upload arbitrary files including web shells, leading to full server compromise. The maximum CVSS score of 10.0 combined with an EPSS score of 55.52% (98th percentile) indicates very high exploitation probability, though no public exploit was identified at time of analysis and the issue is not yet listed in CISA KEV.

File Upload
NVD
CVSS 3.1
10.0
EPSS
55.5%
CVE-2024-56046 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.9.9. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2024-13022 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in taisan tarzan-cms 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java File Upload Tarzan Cms
NVD VulDB
CVSS 4.0
5.3
EPSS
0.4%
CVE-2024-12994 MEDIUM This Month

A vulnerability was found in running-elephant Datart 1.0.0-rc3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization File Upload
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.5%
CVE-2024-56508 HIGH POC PATCH This Week

LinkAce is a self-hosted archive to collect links of your favorite websites. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Linkace
NVD GitHub
CVSS 3.1
7.6
EPSS
0.4%
EPSS 44% CVSS 9.9
CRITICAL POC KEV THREAT Act Now

Advantive VeraCore warehouse management system allows authenticated users to upload files to unintended directories, enabling web shell deployment through the upload.aspx endpoint.

File Upload Veracore
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Chestnutcms
NVD
EPSS 0% CVSS 9.6
CRITICAL This Week

Dumb Drop is a file upload application. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Path Traversal
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to limited arbitrary file deletion due to insufficient file path validation in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

File Upload WordPress PHP +1
NVD
EPSS 0% CVSS 7.2
HIGH This Month

The Shared Files - Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dfxp File uploads in all versions up to, and including, 1.7.42. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress Apache +1
NVD
EPSS 1% CVSS 8.8
HIGH This Month

This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file. Rated high severity (CVSS 8.8). No vendor patch available.

File Upload
NVD
EPSS 25% CVSS 4.3
MEDIUM POC THREAT This Month

DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 24.7%.

RCE File Upload Voyager
NVD GitHub
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload XSS Recipes
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL This Week

The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload WordPress +1
NVD
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability classified as critical was found in needyamin image_gallery 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass PHP +1
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL This Week

The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'WPB_Profile_controller::handle_image_upload' function in versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload WordPress +2
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic allows Upload a Web Shell to a Web Server.15.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

IBM Maximo Asset Management 7.6.1.3 MXAPIASSET API is vulnerable to unrestricted file upload which allows authenticated low privileged user to upload restricted file types with a simple method of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM PHP LFI +4
NVD
EPSS 0% CVSS 8.0
HIGH This Month

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Planning Analytics
NVD
EPSS 0% CVSS 8.0
HIGH This Month

IBM Planning Analytics 2.0 and 2.1 could be vulnerable to malicious file upload by not validating the type of file in the File Manager T1 process. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Planning Analytics
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Innovative Solutions user files allows Upload a Web Shell to a Web Server.4.2. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 45% CVSS 9.1
CRITICAL Emergency

Unrestricted Upload of File with Dangerous Type vulnerability in NgocCode WP Load Gallery allows Upload a Web Shell to a Web Server.1.6. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 44.7% and no vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Multi Uploader for Gravity Forms allows Upload a Web Shell to a Web Server.1.3. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Smallerik File Browser allows Upload a Web Shell to a Web Server.1. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 10% CVSS 9.8
CRITICAL This Week

The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.2% and no vendor patch available.

RCE File Upload WordPress +1
NVD
EPSS 0% CVSS 7.6
HIGH POC PATCH This Month

YesWiki is a wiki system written in PHP. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload XSS Yeswiki
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Upload a Web Shell to a Web Server.6.7. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Fancy Product Designer.4.3. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Farm Management System up to 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass PHP +1
NVD GitHub VulDB
EPSS 14% CVSS 7.5
HIGH PATCH This Month

The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 13.9%.

RCE File Upload WordPress +1
NVD
EPSS 1% CVSS 4.6
MEDIUM Monitor

An issue in themesebrand Chatvia v.5.3.2 allows a remote attacker to execute arbitrary code via the User profile Upload image function. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Chatvia
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Pmb
NVD
EPSS 0% CVSS 9.9
CRITICAL This Week

Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Pmb
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the upload_file(). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload WordPress +1
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

File Upload Authentication Bypass WordPress +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload RCE +1
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Web Ready Now WR Price List Manager For Woocommerce allows Upload a Web Shell to a Web Server.0.8. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress
NVD
EPSS 0% CVSS 8.1
HIGH POC This Week

An arbitrary file upload vulnerability in the parserXML() method of JeeWMS before v2025.01.01 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Jeewms
NVD
EPSS 13% CVSS 9.8
CRITICAL POC THREAT Emergency

An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.5%.

RCE File Upload Gestioip
NVD GitHub Exploit-DB
EPSS 30% CVSS 7.8
HIGH This Month

Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.3% and no vendor patch available.

RCE File Upload Ivanti +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass PHP +1
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability, which was classified as critical, was found in Blog Botz for Journal Theme 1.0 on OpenCart. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Authentication Bypass PHP
NVD GitHub VulDB
EPSS 9% CVSS 8.8
HIGH This Month

The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner - Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload WordPress +1
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to stored cross site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload SAP Java +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Visual Access Manager
NVD
EPSS 5% CVSS 9.9
CRITICAL This Week

Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Supravizio Bpm
NVD GitHub
EPSS 45% 4.2 CVSS 6.5
MEDIUM POC THREAT This Month

In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions and execute. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 45.1% and no vendor patch available.

RCE File Upload Code Injection +2
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability classified as critical was found in 1902756969 reggie 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

A vulnerability was found in StarSea99 starsea-mall 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 1.6
LOW Monitor

HCL MyXalytics is affected by a malicious file upload vulnerability. Rated low severity (CVSS 1.6). No vendor patch available.

File Upload Dryice Myxalytics
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Trippo Responsive Filemanager 9.14.0 is vulnerable to Cross Site Scripting (XSS) via file upload using the svg and pdf extensions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload XSS
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Month

An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Redaxo
NVD GitHub
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms allows Upload a Web Shell to a Web Server.2.18. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability was found in code-projects Content Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass PHP +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in CampCodes Computer Laboratory Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Computer Laboratory Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

The <redacted>.exe or <redacted>.exe CGI binary can be used to upload arbitrary files to /tmp/upload/ or /tmp/ respectively as any user, although the user interface for uploading files is only shown. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in code-projects Online Bike Rental System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Online Bike Rental System
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability classified as critical has been found in SingMR HouseRent 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability was found in donglight bookstore电商书城系统说明 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0.java. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 15% CVSS 8.8
HIGH This Month

The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 15.1% and no vendor patch available.

RCE File Upload WordPress
NVD
EPSS 12% CVSS 8.8
HIGH This Month

The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.4% and no vendor patch available.

RCE File Upload WordPress +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP File Upload WordPress +1
NVD
EPSS 19% CVSS 9.8
CRITICAL Act Now

The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.2% and no vendor patch available.

RCE File Upload Code Injection +1
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability has been found in VIWIS LMS 9.11 and classified as problematic. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload XSS
NVD VulDB
EPSS 66% CVSS 9.8
CRITICAL PATCH Act Now

The WordPress File Upload plugin through version 4.24.15 contains critical vulnerabilities in wfu_file_downloader.php enabling remote code execution, arbitrary file read, and arbitrary file deletion. The lack of proper sanitization on the source parameter combined with user-defined directory paths allows unauthenticated attackers to fully compromise the server.

PHP RCE Code Injection +2
NVD
EPSS 0% CVSS 8.3
HIGH POC PATCH This Week

WeGIA is a web manager for charitable institutions. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload XSS +1
NVD GitHub
EPSS 10% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in Ovidentia 8.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Code Injection +1
NVD
EPSS 25% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

ClipBucket V5 provides open source video hosting with PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 24.9%.

File Upload PHP Clipbucket
NVD GitHub
EPSS 7% CVSS 8.8
HIGH This Week

An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload
NVD GitHub
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGlow JobBoard Job listing allows Upload a Web Shell to a Web Server.2.6. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wfu_ajax_action_read_subfolders' function in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

File Upload Authentication Bypass WordPress +2
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

File Upload vulnerability in ChestnutCMS through 1.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Chestnutcms
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM This Month

LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Langchain AI / ML
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in zhenfeng13 My-Blog 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as problematic was found in osuuu LightPicture up to 1.2.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Lightpicture
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability was found in wangl1989 mysiteforme 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability, which was classified as critical, was found in ZeroWdd studentmanager 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability, which was classified as critical, has been found in ZeroWdd studentmanager 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Java +1
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in Campcodes Project Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass PHP +1
NVD GitHub VulDB
EPSS 0% CVSS 8.0
HIGH This Month

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Optimizely Cms
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /adminUser/updateImg of WukongCRM-11.0-JAVA v11.3.3 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Java
NVD GitHub
EPSS 13% CVSS 6.6
MEDIUM This Month

Unrestricted Upload of File with Dangerous Type vulnerability in Beee ACF City Selector allows Upload a Web Shell to a Web Server.14.0. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.8% and no vendor patch available.

File Upload
NVD
EPSS 42% CVSS 9.1
CRITICAL Emergency

Unrestricted Upload of File with Dangerous Type vulnerability in Webdeclic WPMasterToolKit allows Upload a Web Shell to a Web Server.13.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 41.6% and no vendor patch available.

File Upload
NVD
EPSS 0% CVSS 10.0
CRITICAL This Week

Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD GitHub
EPSS 56% CVSS 10.0
CRITICAL Emergency

Unrestricted file upload in azzaroco's WP SuperBackup WordPress plugin (versions through 2.3.3) enables remote unauthenticated attackers to upload arbitrary files including web shells, leading to full server compromise. The maximum CVSS score of 10.0 combined with an EPSS score of 55.52% (98th percentile) indicates very high exploitation probability, though no public exploit was identified at time of analysis and the issue is not yet listed in CISA KEV.

File Upload
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.9.9. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload
NVD
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in taisan tarzan-cms 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Java File Upload +1
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability was found in running-elephant Datart 1.0.0-rc3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization File Upload
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH POC PATCH This Week

LinkAce is a self-hosted archive to collect links of your favorite websites. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Linkace
NVD GitHub
Prev Page 15 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy