Skip to main content

File Upload

4034 CVEs technique

Monthly

CVE-2021-21350 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.8
EPSS
15.2%
CVE-2021-21347 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.8
EPSS
14.3%
CVE-2021-21346 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.8
EPSS
76.4%
CVE-2021-21344 Maven CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java Oncommand Insight Activemq +14
NVD GitHub
CVSS 3.1
9.8
EPSS
76.0%
CVE-2021-24145 HIGH POC THREAT Act Now

Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload Modern Events Calendar Lite
NVD WPScan Exploit-DB
CVSS 3.1
7.2
EPSS
88.2%
CVE-2021-24123 HIGH POC This Week

Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Powerpress
NVD WPScan
CVSS 3.1
7.2
EPSS
1.6%
CVE-2021-28294 CRITICAL POC Act Now

Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Online Ordering System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
3.7%
CVE-2021-27817 PHP CRITICAL Act Now

A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Shopxo
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-28379 HIGH POC PATCH This Week

web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP File Upload Myvesta Vesta Control Panel
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
6.0%
CVE-2021-27964 CRITICAL POC THREAT Act Now

SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sonlogger
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
46.0%
CVE-2021-21978 CRITICAL POC THREAT Emergency

VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload VMware View Planner
NVD
CVSS 3.1
9.8
EPSS
99.0%
CVE-2021-27198 CRITICAL Act Now

An issue was discovered in Visualware MyConnection Server before v11.1a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft File Upload Java Myconnection Server
NVD
CVSS 3.1
9.8
EPSS
13.6%
CVE-2021-20659 HIGH This Week

SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload Sv Cpt Mc310 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2021-3120 CRITICAL POC THREAT Act Now

An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE PHP File Upload Yith Woocommerce Gift Cards
NVD GitHub
CVSS 3.1
9.8
EPSS
36.8%
CVE-2021-27513 HIGH POC PATCH THREAT This Week

The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload Eyesofnetwork
NVD GitHub
CVSS 3.1
8.8
EPSS
28.4%
CVE-2021-26809 CRITICAL POC Act Now

PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Car Rental Portal
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-25780 HIGH POC This Week

An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Baby Care System
NVD GitHub
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-21014 PHP CRITICAL PATCH Act Now

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Adobe Magento
NVD
CVSS 3.0
9.1
EPSS
4.2%
CVE-2021-26918 CRITICAL POC Act Now

The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature (or possibly have unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Bot
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2021-3378 CRITICAL POC THREAT Emergency

FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Fortilogger
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
97.5%
CVE-2021-3164 HIGH POC This Week

ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload Churchrota
NVD GitHub
CVSS 3.1
8.8
EPSS
4.2%
CVE-2021-22698 HIGH This Week

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE File Upload Ecostruxure Power Build Rapsody
NVD
CVSS 3.1
7.8
EPSS
3.9%
CVE-2021-22697 HIGH This Week

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Ecostruxure Power Build Rapsody
NVD
CVSS 3.1
7.8
EPSS
3.5%
CVE-2021-3166 HIGH POC This Week

An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Dsl N14U B1 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2021-21245 CRITICAL PATCH Act Now

OneDev is an all-in-one devops platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Onedev
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-35797 CRITICAL Act Now

NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Netgear Command Injection Nms300 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2020-26286 HIGH PATCH This Week

HedgeDoc is a collaborative platform for writing and sharing markdown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Hedgedoc
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-35627 HIGH POC This Week

Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE PHP Gift Cards
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-27397 HIGH POC This Week

Marital - Online Matrimonial Project In PHP version 1.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the Hosting web server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Online Matrimonial Project
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-35657 HIGH POC This Week

Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of UploadTheme to upload a theme ZIP archive containing a .php file that is able to execute OS. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Jaws
NVD GitHub
CVSS 3.1
7.2
EPSS
2.4%
CVE-2020-35656 HIGH POC This Week

Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Jaws
NVD GitHub
CVSS 3.1
7.2
EPSS
2.4%
CVE-2020-29447 MEDIUM This Month

Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian File Upload Denial Of Service Crucible
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2020-26174 HIGH POC This Week

tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Business Workflow
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-35489 CRITICAL Act Now

The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress RCE Contact Form 7
NVD WPScan
CVSS 3.1
10.0
EPSS
89.6%
CVE-2020-25010 CRITICAL Act Now

An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to upload a malicious script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Kps2204 6 Port Managed Din Rail Programmable Serial Device Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-35133 HIGH POC This Week

irfanView 4.56 contains an error processing parsing files of type .pcx. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Irfanview
NVD GitHub
CVSS 3.1
7.5
EPSS
4.4%
CVE-2020-29607 HIGH POC THREAT This Week

A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Pluck
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
33.4%
CVE-2020-28072 HIGH POC This Week

A Remote Code Execution vulnerability exists in DourceCodester Alumni Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Alumni Management System
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2020-26828 MEDIUM This Month

SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload SAP Disclosure Management
NVD
CVSS 3.1
6.4
EPSS
0.8%
CVE-2020-26826 MEDIUM This Month

Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an attacker to upload any file (including script files) without proper file format validation, leading to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload SAP Netweaver Application Server Java
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2020-23520 HIGH POC This Week

imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Imcat
NVD GitHub
CVSS 3.1
7.2
EPSS
2.2%
CVE-2020-26255 PHP CRITICAL PATCH Act Now

Kirby is a CMS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Kirby Panel
NVD GitHub
CVSS 3.1
9.1
EPSS
1.5%
CVE-2020-29597 CRITICAL POC THREAT Act Now

IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Incomcms
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
71.0%
CVE-2020-28939 HIGH POC This Week

OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Openclinic
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2020-29441 MEDIUM This Month

An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Denial Of Service Outsystems
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-25537 CRITICAL POC Act Now

File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ucms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-13671 PHP HIGH KEV PATCH THREAT This Week

Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Drupal Fedora
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2020-7569 HIGH PATCH This Week

A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Webreports
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2020-25406 HIGH POC This Week

app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Lemocms
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2020-28130 CRITICAL POC Act Now

An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Online Library Management System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
6.3%
CVE-2020-26553 CRITICAL POC Act Now

An issue was discovered in Aviatrix Controller before R6.0.2483. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Controller
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-28136 HIGH POC This Week

An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Tourism Management System
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
2.9%
CVE-2020-28140 CRITICAL POC Act Now

SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Online Clothing Store
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-28688 HIGH POC THREAT This Week

The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Artworks Gallery In Php Css Javascript And Mysql
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
11.9%
CVE-2020-28687 HIGH POC THREAT This Week

The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Artworks Gallery In Php Css Javascript And Mysql
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
11.9%
CVE-2020-28693 HIGH POC This Week

An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Horizontcms
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2020-28692 HIGH POC This Week

In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Gila Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.6%
CVE-2020-13774 CRITICAL Act Now

An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
9.9
EPSS
4.7%
CVE-2020-27386 HIGH POC THREAT Act Now

An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g.,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Flexdotnetcms
NVD GitHub
CVSS 3.1
8.8
EPSS
72.9%
CVE-2020-26804 HIGH POC This Week

In Sentrifugo 3.2, users can share an announcement under "Organization -> Announcements" tab. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sentrifugo
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-26803 HIGH POC This Week

In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sentrifugo
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2020-26820 HIGH This Week

SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Privilege Escalation SAP Netweaver Application Server Java
NVD
CVSS 3.1
7.2
EPSS
3.9%
CVE-2020-23138 CRITICAL Act Now

An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Microweber
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-24407 PHP CRITICAL PATCH Act Now

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe File Upload RCE Magento
NVD
CVSS 3.1
9.1
EPSS
5.5%
CVE-2020-28328 HIGH POC THREAT Act Now

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Suitecrm
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
63.3%
CVE-2020-27387 HIGH POC PATCH THREAT Act Now

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload PHP Horizontcms
NVD GitHub
CVSS 3.1
8.8
EPSS
18.5%
CVE-2020-15273 PHP HIGH PATCH This Week

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Basercms
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-15277 PHP HIGH PATCH This Week

baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE PHP Basercms
NVD GitHub
CVSS 3.1
7.2
EPSS
2.2%
CVE-2020-4588 HIGH PATCH This Week

IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE IBM I2 Ibase
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2020-11486 CRITICAL Act Now

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Nvidia Bmc Firmware
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2020-8260 HIGH POC KEV THREAT Act Now

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Connect Secure
NVD
CVSS 3.1
7.2
EPSS
96.5%
CVE-2020-27956 CRITICAL POC Act Now

An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Car Rental Management System
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
5.2%
CVE-2020-25483 CRITICAL POC Act Now

An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ucms
NVD
CVSS 3.1
9.8
EPSS
8.6%
CVE-2020-3436 HIGH This Week

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Cisco Denial Of Service Adaptive Security Appliance Firepower Threat Defense +1
NVD
CVSS 3.1
8.6
EPSS
1.9%
CVE-2020-24408 PHP MEDIUM PATCH This Month

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS File Upload Adobe Magento
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2020-26583 MEDIUM This Month

An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Sage Dpw
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-26048 HIGH This Week

The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP Cuppacms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-26166 MEDIUM This Month

The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Qdpm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-12715 HIGH POC This Week

RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pacsone Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-15849 HIGH POC This Week

Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure File Upload SQLi PHP Re
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2020-15488 HIGH POC This Week

Re:Desk 2.3 allows insecure file upload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Re
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-25763 CRITICAL POC Act Now

Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Seat Reservation System
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2020-21564 HIGH POC This Week

An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Pluck
NVD GitHub
CVSS 3.1
8.8
EPSS
3.5%
CVE-2020-19672 CRITICAL POC Act Now

Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Niushop
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-12843 CRITICAL POC Act Now

ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ismartgate Pro Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-12837 HIGH POC This Week

ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ismartgate Pro Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2020-25515 HIGH This Week

Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload PHP Simple Library Management System
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-15839 Maven MEDIUM PATCH This Month

Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2020-14022 HIGH POC This Week

Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ozeki Ng Sms Gateway
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-4620 HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE IBM Data Risk Manager
NVD
CVSS 3.1
8.8
EPSS
5.2%
EPSS 15% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java +16
NVD GitHub
EPSS 14% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java +16
NVD GitHub
EPSS 76% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java +16
NVD GitHub
EPSS 76% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

XStream is a Java library to serialize objects to XML and back again. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload Java +16
NVD GitHub
EPSS 88% CVSS 7.2
HIGH POC THREAT Act Now

Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP File Upload +1
NVD WPScan Exploit-DB
EPSS 2% CVSS 7.2
HIGH POC This Week

Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress File Upload Powerpress
NVD WPScan
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store/initiateorder.php, which may lead to remote code execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD Exploit-DB
EPSS 3% CVSS 9.8
CRITICAL Act Now

A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Shopxo
NVD GitHub
EPSS 6% CVSS 8.8
HIGH POC PATCH This Week

web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta through 0.9.8-26-39 allows uploads from a different origin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP File Upload Myvesta +1
NVD GitHub Exploit-DB
EPSS 46% CVSS 9.8
CRITICAL POC THREAT Act Now

SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sonlogger
NVD GitHub Exploit-DB
EPSS 99% CVSS 9.8
CRITICAL POC THREAT Emergency

VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload VMware +1
NVD
EPSS 14% CVSS 9.8
CRITICAL Act Now

An issue was discovered in Visualware MyConnection Server before v11.1a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft File Upload +2
NVD
EPSS 2% CVSS 8.8
HIGH This Week

SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP File Upload +1
NVD
EPSS 37% CVSS 9.8
CRITICAL POC THREAT Act Now

An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE PHP +2
NVD GitHub
EPSS 28% CVSS 8.8
HIGH POC PATCH THREAT This Week

The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload Eyesofnetwork
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Car Rental Portal
NVD Exploit-DB
EPSS 2% CVSS 7.2
HIGH POC This Week

An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Baby Care System
NVD GitHub
EPSS 4% CVSS 9.1
CRITICAL PATCH Act Now

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Adobe +1
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

The ProBot bot through 2021-02-08 for Discord might allow attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature (or possibly have unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Bot
NVD
EPSS 98% CVSS 9.8
CRITICAL POC THREAT Emergency

FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then visiting Assets/temp/hotspot/img/logohotspot.asp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Fortilogger
NVD GitHub Exploit-DB
EPSS 4% CVSS 8.8
HIGH POC This Week

ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP File Upload +1
NVD GitHub
EPSS 4% CVSS 7.8
HIGH This Week

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE File Upload +1
NVD
EPSS 3% CVSS 7.8
HIGH This Week

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Ecostruxure Power Build Rapsody
NVD
EPSS 3% CVSS 7.5
HIGH POC This Week

An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Dsl N14U B1 Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

OneDev is an all-in-one devops platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Onedev
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an unauthenticated attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Netgear Command Injection +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

HedgeDoc is a collaborative platform for writing and sharing markdown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Hedgedoc
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE +2
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

Marital - Online Matrimonial Project In PHP version 1.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the Hosting web server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD
EPSS 2% CVSS 7.2
HIGH POC This Week

Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of UploadTheme to upload a theme ZIP archive containing a .php file that is able to execute OS. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian File Upload Denial Of Service +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Business Workflow
NVD
EPSS 90% CVSS 10.0
CRITICAL Act Now

The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress RCE +1
NVD WPScan
EPSS 2% CVSS 9.8
CRITICAL Act Now

An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to upload a malicious script. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Kps2204 6 Port Managed Din Rail Programmable Serial Device Firmware
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC This Week

irfanView 4.56 contains an error processing parsing files of type .pcx. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Irfanview
NVD GitHub
EPSS 33% CVSS 7.2
HIGH POC THREAT This Week

A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Pluck
NVD GitHub Exploit-DB
EPSS 3% CVSS 7.2
HIGH POC This Week

A Remote Code Execution vulnerability exists in DourceCodester Alumni Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD
EPSS 1% CVSS 6.4
MEDIUM This Month

SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload SAP Disclosure Management
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an attacker to upload any file (including script files) without proper file format validation, leading to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload SAP Netweaver Application Server Java
NVD
EPSS 2% CVSS 7.2
HIGH POC This Week

imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Imcat
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL PATCH Act Now

Kirby is a CMS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Kirby +1
NVD GitHub
EPSS 71% CVSS 9.8
CRITICAL POC THREAT Act Now

IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Incomcms
NVD GitHub Exploit-DB
EPSS 2% CVSS 7.2
HIGH POC This Week

OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Denial Of Service Outsystems
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ucms
NVD GitHub
EPSS 4% CVSS 8.8
HIGH KEV PATCH THREAT This Week

Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Drupal +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Webreports
NVD
EPSS 1% CVSS 7.3
HIGH POC This Week

app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Lemocms
NVD
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in Aviatrix Controller before R6.0.2483. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Controller
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Online Clothing Store
NVD Exploit-DB
EPSS 12% CVSS 8.8
HIGH POC THREAT This Week

The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Artworks Gallery In Php Css Javascript And Mysql
NVD Exploit-DB
EPSS 12% CVSS 8.8
HIGH POC THREAT This Week

The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Artworks Gallery In Php Css Javascript And Mysql
NVD Exploit-DB
EPSS 2% CVSS 8.8
HIGH POC This Week

An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Horizontcms
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Gila Cms
NVD GitHub
EPSS 5% CVSS 9.9
CRITICAL Act Now

An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Ivanti +1
NVD
EPSS 73% CVSS 8.8
HIGH POC THREAT Act Now

An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g.,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Flexdotnetcms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

In Sentrifugo 3.2, users can share an announcement under "Organization -> Announcements" tab. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sentrifugo
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

In Sentrifugo 3.2, users can upload an image under "Assets -> Add" tab. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sentrifugo
NVD
EPSS 4% CVSS 7.2
HIGH This Week

SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Privilege Escalation SAP +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Microweber
NVD GitHub
EPSS 6% CVSS 9.1
CRITICAL PATCH Act Now

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe File Upload RCE +1
NVD
EPSS 63% CVSS 8.8
HIGH POC THREAT Act Now

SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD GitHub Exploit-DB
EPSS 18% CVSS 8.8
HIGH POC PATCH THREAT Act Now

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload PHP Horizontcms
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS File Upload Basercms
NVD GitHub
EPSS 2% CVSS 7.2
HIGH PATCH This Week

baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE PHP +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE IBM +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Nvidia +1
NVD
EPSS 96% CVSS 7.2
HIGH POC KEV THREAT Act Now

A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Connect Secure
NVD
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD Exploit-DB
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ucms
NVD
EPSS 2% CVSS 8.6
HIGH This Week

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Cisco Denial Of Service +3
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a persistent XSS vulnerability that allows users to upload malicious JavaScript via the file upload component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS File Upload Adobe +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Sage Dpw
NVD
EPSS 2% CVSS 8.8
HIGH This Week

The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Qdpm
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pacsone Server
NVD GitHub
EPSS 3% CVSS 7.2
HIGH POC This Week

Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure File Upload SQLi +2
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Re:Desk 2.3 allows insecure file upload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Re
NVD
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP +1
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Pluck
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Niushop
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ismartgate Pro Firmware
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ismartgate Pro Firmware
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload PHP Simple Library Management System
NVD GitHub VulDB
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Digital Experience Platform Liferay Portal
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ozeki Ng Sms Gateway
NVD GitHub
EPSS 5% CVSS 8.8
HIGH PATCH This Week

IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE IBM +1
NVD
Prev Page 37 of 45 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy