1369 matches found
CVE-2022-28606
An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server...
CVE-2022-28120
Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server...
CVE-2022-41572
An issue was discovered in EyesOfNetwork EON through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server...
CVE-2020-35339
In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server...
CVE-2020-26803
In Sentrifugo 3.2, users can upload an image under the "Assets - Add" tab. This "Upload Images" functionality suffers from an "Unrestricted File Upload" vulnerability, so an attacker can upload malicious files using this functionality and control the server...
CVE-2020-23765
A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server...
CVE-2018-14911
A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload a script Trojan to admin.php/admin/configset/index/group/upload.html to gain server control by...
CVE-2003-1333
Unspecified vulnerability in the Cache' Server Page CSP implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server...
PT-2025-20163 · Unknown · Themefic Instantio
Name of the Vulnerable Software and Affected Versions: Themefic Instantio versions n/a through 3.3.16. Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and...
CVE-2025-22024 nfsd: fix management of listener transports
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix management of listener transports. Currently, when no active threads are running, a root user using nfsdctl command can try to remove a particular listener from the list of previously added ones, then start the server by...
File Upload Vulnerability in MCMS of Jiangxi Mingsoft Technology Co.
MCMS is a lightweight, open-source, Java-based content management system. Jiangxi Mingsoft Technology Co., Ltd. MCMS has a file upload vulnerability that an attacker can use to obtain control of the server...
Shenzhen Qixin Haozitong Cloud Computing Co., Ltd. Haozitong-Cloud Conference has file upload vulnerability
GoodView-Cloud Conference is a network video conference product based on cloud computing technology. Shenzhen Qixin Haozitong Cloud Computing Co., Ltd Haozitong-Cloud Conference has a file upload vulnerability that can be exploited by an attacker to gain control of the server...
Logic Flaw Vulnerability in H3C Magic R3010 Gigabit Dual Band Wi-Fi 6 Router from Xinhua San Technology Co.
Xinhua San Technology Co., Ltd. is a global leader in digital solutions. A logic flaw vulnerability exists in the H3C Magic R3010 Gigabit Dual Band Wi-Fi 6 Router from Xinhua San Technologies Limited, which can be exploited by an attacker to gain control of the server...
Binary Vulnerability in NX15 of Xinhuanet Technologies Ltd.
Xinhua San Technology Co., Ltd. is a global leader in digital solutions. A binary vulnerability exists in NX15 of Xinhua San Technologies Limited, which can be exploited by attackers to gain control of a server...
CVE-2025-2494
CVE-2025-2494 describes an unrestricted file upload vulnerability in Softdial Contact Center (Sytel Ltd.). An attacker can upload files via the /softdial/phpconsole/upload.php endpoint, which is protected by basic HTTP authentication, into a directory exposed by the web application. The uploaded ...
CVE-2025-2494 Unrestricted file upload vulnerability in Softdial Contact Center
Unrestricted file upload to Softdial Contact Center of Sytel Ltd. This vulnerability could allow an attacker to upload files to the server via the ‘/softdial/phpconsole/upload.php’ endpoint, which is protected by basic HTTP authentication. The files are uploaded to a directory exposed by the web...
Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security
🚀 WordPress Really Simple Security Plugin Vulnerability CVE-2...
CVE-2024-57099
ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server...
CVE-2024-5826
In the latest version of vanna-ai/vanna, the vanna.ask function is vulnerable to remote code execution due to prompt injection. The root cause is the lack of a sandbox when executing LLM-generated code, allowing an attacker to manipulate the code executed by the exec function in...