Skip to main content

File Upload

4034 CVEs technique

Monthly

CVE-2021-39145 Maven HIGH PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Xstream Debian Linux Fedora +12
NVD GitHub
CVSS 3.1
8.5
EPSS
4.1%
CVE-2021-39141 Maven HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream Debian Linux Fedora +12
NVD GitHub
CVSS 3.1
8.5
EPSS
16.1%
CVE-2021-39139 Maven HIGH PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Java Xstream Debian Linux +13
NVD GitHub
CVSS 3.1
8.8
EPSS
4.5%
CVE-2021-22255 MEDIUM PATCH This Month

SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated users to retrieve files from the internal server network exposed over HTTP by inserting an internal address. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF File Upload Baserow
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-37608 CRITICAL PATCH Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands.12.07 and prior versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Apache Atlassian File Upload Ofbiz
NVD
CVSS 3.1
9.8
EPSS
6.0%
CVE-2021-37711 PHP HIGH PATCH This Week

Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF File Upload Shopware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-22937 HIGH This Week

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.2
EPSS
7.8%
CVE-2021-38753 CRITICAL POC Act Now

An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and executed to gain unauthorized access to the server hosting the web app. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Simple Image Gallery Web App
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-29377 CRITICAL POC Act Now

Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Pearadmin Think
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-38366 HIGH POC This Week

Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Sitecore
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2021-38305 PyPI HIGH PATCH This Week

23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Python File Upload RCE Yamale
NVD GitHub
CVSS 3.1
7.8
EPSS
2.5%
CVE-2021-24499 CRITICAL POC THREAT Act Now

The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Workreap
NVD WPScan Exploit-DB
CVSS 3.1
9.8
EPSS
60.1%
CVE-2021-34639 HIGH This Week

Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP File Upload Download Manager
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-32594 HIGH This Week

An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Fortiportal
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2021-36623 CRITICAL POC Act Now

Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Phone Shop Sales Management System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-36622 CRITICAL POC Act Now

Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Covid Vaccination Scheduler System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-37160 CRITICAL Act Now

A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Jwt Attack Hmi 3 Control Panel Firmware
NVD
CVSS 3.1
9.8
EPSS
8.2%
CVE-2021-25200 CRITICAL POC Act Now

Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to \lms\student_avatar.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Learning Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-36741 HIGH KEV THREAT This Week

An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro File Upload Officescan Officescan Business Security Apex One +1
NVD
CVSS 3.1
8.8
EPSS
5.0%
CVE-2021-25208 CRITICAL POC Act Now

Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Travel Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-25206 CRITICAL POC Act Now

Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Responsive Ordering System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-25203 CRITICAL POC Act Now

Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Victor Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-25207 CRITICAL POC Act Now

Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload E Commerce Website
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-25211 CRITICAL POC Act Now

Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Ordering System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-25210 CRITICAL Act Now

Arbitrary file upload vulnerability in SourceCodester Alumni Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to manage_event.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP File Upload Alumni Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-34619 HIGH POC This Week

The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP File Upload Stock Manager For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-2380 HIGH This Week

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle File Upload Authentication Bypass Applications Framework
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2021-35963 CRITICAL Act Now

The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers to upload files containing malicious. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Orca Hcm
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-29699 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Docker IBM File Upload Security Verify Access
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2021-36121 HIGH This Week

An issue was discovered in Echo ShareCare 8.15.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal File Upload Sharecare
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2021-30118 CRITICAL POC PATCH THREAT Act Now

An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM) 9.5.4.2149 and subsequently use these files to execute asp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Vsa
NVD
CVSS 3.1
9.8
EPSS
60.3%
CVE-2021-28931 PHP HIGH PATCH This Week

Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Fork Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-32538 CRITICAL Act Now

ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Artware Cms
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-34624 CRITICAL POC Act Now

A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Profilepress
NVD
CVSS 3.1
9.8
EPSS
6.7%
CVE-2021-34623 CRITICAL POC Act Now

A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Profilepress
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-20104 HIGH This Week

Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE PHP File Upload Machform
NVD
CVSS 3.1
8.1
EPSS
2.2%
CVE-2021-34074 CRITICAL POC Act Now

PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pandora Fms
NVD
CVSS 3.1
9.8
EPSS
7.5%
CVE-2021-28976 HIGH POC This Week

Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload Getsimplecms
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
7.5%
CVE-2021-24376 CRITICAL POC Act Now

The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files (such as .php) form the uploaded archive via the "Import Settings" feature, after its extraction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE PHP File Upload Autoptimize
NVD WPScan
CVSS 3.1
9.8
EPSS
3.7%
CVE-2021-24370 CRITICAL POC THREAT Act Now

The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE File Upload Fancy Product Designer
NVD WPScan
CVSS 3.1
9.8
EPSS
47.1%
CVE-2021-32245 PHP MEDIUM POC This Month

In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Pagekit
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-32243 HIGH POC This Week

FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Fogproject
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-34551 PHP HIGH PATCH This Week

PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft File Upload RCE Phpmailer Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
2.8%
CVE-2021-27489 HIGH This Week

ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Defibrillator Dashboard
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-34128 HIGH POC This Week

LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Laiketui
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-23394 PHP CRITICAL POC PATCH THREAT Act Now

The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP File Upload Elfinder
NVD GitHub
CVSS 3.1
9.8
EPSS
19.1%
CVE-2021-26828 HIGH POC KEV PATCH THREAT This Week

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft File Upload Scadabr
NVD GitHub
CVSS 3.1
8.8
EPSS
39.1%
CVE-2021-26473 CRITICAL Act Now

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Bdr Suite Offsite Dr
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-3277 HIGH This Week

Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload Nagios Xi
NVD
CVSS 3.1
7.2
EPSS
54.6%
CVE-2021-29092 HIGH This Week

Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology RCE File Upload Photo Station
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-24311 HIGH POC This Week

The wp_ajax_upload-remote-file AJAX action of the External Media WordPress plugin before 1.0.34 was vulnerable to arbitrary file uploads via any authenticated users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload External Media
NVD WPScan
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-31703 CRITICAL Act Now

Frontier ichris through 5.18 allows users to upload malicious executable files that might later be downloaded and run by any client user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Ichris
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-26678 HIGH This Week

vFairs 3.3 is affected by Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP Vfairs
NVD VulDB
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-32630 HIGH POC This Week

Admidio is a free, open source user management system for websites of organizations and groups. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Admidio
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-3313 PyPI MEDIUM POC PATCH This Month

Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Plone
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-27459 CRITICAL Act Now

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload X Stream Enhanced Xegp Firmware X Stream Enhanced Xegk Firmware X Stream Enhanced Xefd Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-20721 CRITICAL Act Now

KonaWiki2 versions prior to 2.2.4 allows a remote attacker to upload arbitrary files via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP File Upload Konawiki
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-24284 CRITICAL POC THREAT Act Now

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Kaswara
NVD WPScan
CVSS 3.1
9.8
EPSS
42.1%
CVE-2021-32089 CRITICAL Act Now

An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE File Upload Fx9500 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-27618 MEDIUM This Month

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP File Upload Netweaver Process Integration
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-29022 MEDIUM POC This Month

In InvoicePlane 1.5.11, the upload feature discloses the full path of the file upload directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Invoiceplane
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-32094 HIGH This Week

U.S. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Emissary
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-31737 CRITICAL POC Act Now

emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Emlog
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2021-24254 HIGH POC This Week

The College publisher Import WordPress plugin through 0.1 does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress File Upload College Publisher Import
NVD GitHub WPScan
CVSS 3.1
7.2
EPSS
1.8%
CVE-2021-24253 HIGH POC This Week

The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Classyfrieds
NVD GitHub WPScan
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-24252 HIGH POC This Week

The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP File Upload Event Banner
NVD GitHub WPScan
CVSS 3.1
7.2
EPSS
1.7%
CVE-2021-24248 HIGH POC This Week

The Business Directory Plugin - Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Business Directory Plugin Easy Listing Directories
NVD WPScan
CVSS 3.1
7.2
EPSS
1.6%
CVE-2021-24236 CRITICAL POC Act Now

The Imagements WordPress plugin through 1.2.5 allows images to be uploaded in comments, however only checks for the Content-Type in the request to forbid dangerous files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Imagements
NVD WPScan
CVSS 3.1
9.8
EPSS
7.1%
CVE-2021-31802 HIGH POC THREAT This Week

NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear Memory Corruption File Upload R7000 Firmware
NVD
CVSS 3.1
8.8
EPSS
14.2%
CVE-2021-24240 CRITICAL Act Now

The Business Hours Pro WordPress plugin through 5.5.0 allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE File Upload Business Hours Pro
NVD WPScan
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-30209 MEDIUM POC This Month

Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Textpattern
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-23280 CRITICAL Act Now

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Intelligent Power Manager Intelligent Power Manager Virtual Appliance Intelligent Power Protector
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2021-24224 HIGH POC This Week

The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Easy Form Builder By Bitware
NVD GitHub WPScan
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-24223 CRITICAL POC Act Now

The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload N5 Upload Form
NVD GitHub WPScan
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-24222 CRITICAL POC Act Now

The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in page where the [formCadastro] is embed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Wp Curriculo Vitae Free
NVD GitHub WPScan
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-24220 CRITICAL POC Act Now

Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Focusblog Ignition +8
NVD WPScan
CVSS 3.1
9.1
EPSS
3.9%
CVE-2021-20022 HIGH KEV THREAT This Week

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sonicwall File Upload Email Security Email Security Appliance 9000 Firmware Email Security Appliance 3300 Firmware +8
NVD
CVSS 3.1
7.2
EPSS
16.5%
CVE-2021-29641 HIGH POC This Week

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Docker RCE PHP Apache File Upload +1
NVD
CVSS 3.1
8.8
EPSS
4.9%
CVE-2021-28173 CRITICAL Act Now

The file upload function of Vangene deltaFlow E-platform does not perform access controlled properly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Deltaflow
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-30149 CRITICAL POC PATCH THREAT Act Now

Composr 10.0.36 allows upload and execution of PHP files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP File Upload Composr
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
10.1%
CVE-2021-24212 CRITICAL POC Act Now

The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Help Scout
NVD WPScan
CVSS 3.1
9.8
EPSS
7.9%
CVE-2021-24171 CRITICAL Act Now

The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP File Upload Path Traversal Woocommerce Upload Files
NVD WPScan
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-24160 HIGH POC This Week

In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE PHP File Upload Responsive Menu
NVD WPScan
CVSS 3.1
8.8
EPSS
8.2%
CVE-2021-24155 HIGH POC THREAT Act Now

The WordPress Backup and Migrate Plugin - Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Backup Guard
NVD WPScan Exploit-DB
CVSS 3.1
7.2
EPSS
84.1%
CVE-2021-23001 MEDIUM This Month

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-21413 npm CRITICAL PATCH Act Now

isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity.

RCE File Upload Isolated Vm
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2021-27274 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear RCE File Upload Prosafe Network Management System
NVD
CVSS 3.1
9.8
EPSS
8.2%
CVE-2021-26597 MEDIUM POC This Month

An issue was discovered in Nokia NetAct 18A. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nokia File Upload Netact
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-21355 PHP HIGH PATCH This Week

TYPO3 is an open source PHP based web content management system. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Typo3
NVD GitHub
CVSS 3.1
8.6
EPSS
1.6%
CVE-2021-21351 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.1
EPSS
82.1%
EPSS 4% CVSS 8.5
HIGH PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Xstream +14
NVD GitHub
EPSS 16% CVSS 8.5
HIGH POC PATCH THREAT This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Public exploit code available.

RCE File Upload Xstream +14
NVD GitHub
EPSS 5% CVSS 8.8
HIGH PATCH This Week

XStream is a simple library to serialize objects to XML and back again. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Java +15
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated users to retrieve files from the internal server network exposed over HTTP by inserting an internal address. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF File Upload Baserow
NVD
EPSS 6% CVSS 9.8
CRITICAL PATCH Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands.12.07 and prior versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Apache Atlassian File Upload +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF File Upload Shopware
NVD GitHub
EPSS 8% CVSS 7.2
HIGH This Week

A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Connect Secure Pulse Connect Secure
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell and executed to gain unauthorized access to the server hosting the web app. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Authentication Bypass Simple Image Gallery Web App
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Sitecore
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Python File Upload RCE +1
NVD GitHub
EPSS 60% CVSS 9.8
CRITICAL POC THREAT Act Now

The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload +1
NVD WPScan Exploit-DB
EPSS 1% CVSS 8.8
HIGH This Week

Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP File Upload +1
NVD
EPSS 1% CVSS 8.1
HIGH This Week

An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5.3.0 through 5.3.5, 5.2.0 through 5.2.5, and 4.2.2 and earlier may allow a low-privileged user to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Fortiportal
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Phone Shop Sales Management System
NVD Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Online Covid Vaccination Scheduler System
NVD Exploit-DB
EPSS 8% CVSS 9.8
CRITICAL Act Now

A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Jwt Attack Hmi 3 Control Panel Firmware
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Arbitrary file upload vulnerability in SourceCodester Learning Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to \lms\student_avatar.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 5% CVSS 8.8
HIGH KEV THREAT This Week

An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attached to upload arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro File Upload Officescan +3
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Arbitrary file upload vulnerability in SourceCodester Ordering System v 1.0 allows attackers to execute arbitrary code, via the file upload to ordering\admin\products\edit.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Arbitrary file upload vulnerability in SourceCodester Alumni Management System v 1.0 allows attackers to execute arbitrary code, via the file upload to manage_event.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP +2
NVD
EPSS 1% CVSS 7.6
HIGH This Week

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle File Upload Authentication Bypass +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers to upload files containing malicious. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Orca Hcm
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Docker IBM File Upload +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

An issue was discovered in Echo ShareCare 8.15.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal File Upload +1
NVD GitHub
EPSS 60% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM) 9.5.4.2149 and subsequently use these files to execute asp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Vsa
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Fork Cms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Artware Cms
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload +1
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A vulnerability in the image uploader component found in the ~/src/Classes/ImageUploader.php file of the ProfilePress WordPress plugin made it possible for users to upload arbitrary files during user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload +1
NVD
EPSS 2% CVSS 8.1
HIGH This Week

Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE PHP File Upload +1
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pandora Fms
NVD
EPSS 8% CVSS 7.2
HIGH POC This Week

Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload +1
NVD GitHub Exploit-DB
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files (such as .php) form the uploaded archive via the "Import Settings" feature, after its extraction. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE PHP +2
NVD WPScan
EPSS 47% CVSS 9.8
CRITICAL POC THREAT Act Now

The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE File Upload +1
NVD WPScan
EPSS 1% CVSS 5.4
MEDIUM POC This Month

In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Pagekit
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Fogproject
NVD GitHub
EPSS 3% CVSS 8.1
HIGH PATCH This Week

PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft File Upload RCE +2
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Defibrillator Dashboard
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Laiketui
NVD GitHub
EPSS 19% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP File Upload +1
NVD GitHub
EPSS 39% CVSS 8.8
HIGH POC KEV PATCH THREAT This Week

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft File Upload Scadabr
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Bdr Suite +1
NVD
EPSS 55% CVSS 7.2
HIGH This Week

Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Unrestricted upload of file with dangerous type vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary code via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology RCE File Upload +1
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

The wp_ajax_upload-remote-file AJAX action of the External Media WordPress plugin before 1.0.34 was vulnerable to arbitrary file uploads via any authenticated users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload External Media
NVD WPScan
EPSS 1% CVSS 9.8
CRITICAL Act Now

Frontier ichris through 5.18 allows users to upload malicious executable files that might later be downloaded and run by any client user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Ichris
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

vFairs 3.3 is affected by Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP +1
NVD VulDB
EPSS 2% CVSS 8.8
HIGH POC This Week

Admidio is a free, open source user management system for websites of organizations and groups. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Admidio
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Upload Plone
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload X Stream Enhanced Xegp Firmware +3
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

KonaWiki2 versions prior to 2.2.4 allows a remote attacker to upload arbitrary files via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP File Upload +1
NVD
EPSS 42% CVSS 9.8
CRITICAL POC THREAT Act Now

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Kaswara
NVD WPScan
EPSS 2% CVSS 9.8
CRITICAL Act Now

An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE File Upload +1
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP File Upload +1
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

In InvoicePlane 1.5.11, the upload feature discloses the full path of the file upload directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Invoiceplane
NVD
EPSS 1% CVSS 8.8
HIGH This Week

U.S. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Emissary
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

The College publisher Import WordPress plugin through 0.1 does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress File Upload +1
NVD GitHub WPScan
EPSS 2% CVSS 8.8
HIGH POC This Week

The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload +1
NVD GitHub WPScan
EPSS 2% CVSS 7.2
HIGH POC This Week

The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress PHP +2
NVD GitHub WPScan
EPSS 2% CVSS 7.2
HIGH POC This Week

The Business Directory Plugin - Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Business Directory Plugin Easy Listing Directories
NVD WPScan
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

The Imagements WordPress plugin through 1.2.5 allows images to be uploaded in comments, however only checks for the Content-Type in the request to forbid dangerous files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload +1
NVD WPScan
EPSS 14% CVSS 8.8
HIGH POC THREAT This Week

NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow that is exploitable from the local network without authentication. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear Memory Corruption +2
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

The Business Hours Pro WordPress plugin through 5.5.0 allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE File Upload +1
NVD WPScan
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Textpattern V4.8.4 contains an arbitrary file upload vulnerability where a plug-in can be loaded in the background without any security verification, which may lead to obtaining system permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Textpattern
NVD GitHub
EPSS 1% CVSS 9.9
CRITICAL Act Now

Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Intelligent Power Manager Intelligent Power Manager Virtual Appliance +1
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Easy Form Builder By Bitware
NVD GitHub WPScan
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload N5 Upload Form
NVD GitHub WPScan
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in page where the [formCadastro] is embed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Wp Curriculo Vitae Free
NVD GitHub WPScan
EPSS 4% CVSS 9.1
CRITICAL POC Act Now

Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload +10
NVD WPScan
EPSS 17% CVSS 7.2
HIGH KEV THREAT This Week

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sonicwall File Upload Email Security +10
NVD
EPSS 5% CVSS 8.8
HIGH POC This Week

Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Docker RCE PHP +3
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The file upload function of Vangene deltaFlow E-platform does not perform access controlled properly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Deltaflow
NVD
EPSS 10% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Composr 10.0.36 allows upload and execution of PHP files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP File Upload Composr
NVD Exploit-DB
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Help Scout
NVD WPScan
EPSS 2% CVSS 9.8
CRITICAL Act Now

The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP File Upload +2
NVD WPScan
EPSS 8% CVSS 8.8
HIGH POC This Week

In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE PHP +2
NVD WPScan
EPSS 84% CVSS 7.2
HIGH POC THREAT Act Now

The WordPress Backup and Migrate Plugin - Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload +1
NVD WPScan Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM This Month

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Big Ip Access Policy Manager Big Ip Advanced Firewall Manager +12
NVD
EPSS 1% CVSS 9.6
CRITICAL PATCH Act Now

isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity.

RCE File Upload Isolated Vm
NVD GitHub
EPSS 8% CVSS 9.8
CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System 1.6.0.26. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear RCE File Upload +1
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue was discovered in Nokia NetAct 18A. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nokia File Upload Netact
NVD
EPSS 2% CVSS 8.6
HIGH PATCH This Week

TYPO3 is an open source PHP based web content management system. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP File Upload Typo3
NVD GitHub
EPSS 82% CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload Java +16
NVD GitHub
Prev Page 36 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy