Lucene search
K

3231 matches found

Nuclei
Nuclei
added 15 hours ago25 views

WP Mobile Detector <= 3.5 - Unrestricted File Upload

WP Mobile Detector plugin for WordPress = 3.5 contains an unrestricted file upload vulnerability caused by missing file type validation in resize.php, letting unauthenticated attackers upload arbitrary files, potentially leading to remote code execution. id: CVE-2016-15043 info: name: WP Mobile...

9.8CVSS6.3AI score0.10032EPSS
Exploits1References3
Nuclei
Nuclei
added 15 hours ago44 views

Melis Technology Melis Platform - Unrestricted File Upload & Remote Code Execution

Melis Technology Melis Platform contains an unrestricted file upload caused by insufficient validation of 'mcsdetailimg' parameter in /melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm, letting attackers upload malicious files and achieve remote code execution, exploit requires crafted...

9.3CVSS6.2AI score0.02503EPSS
Exploits3References3
Nuclei
Nuclei
added 15 hours ago19 views

MikoPBX - Unrestricted File Upload

MikoPBX through 2024.1.114 contains an authenticated unrestricted file upload vulnerability caused by allowing PHP script uploads in PBXCoreREST/Controllers/Files/PostController.php. id: CVE-2025-52207 info: name: MikoPBX - Unrestricted File Upload author: darses severity: critical description: |...

9.9CVSS5.9AI score0.01465EPSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-58654

The Grav API plugin getgrav/grav-plugin-api 1.0.0 contains an unrestricted file upload vulnerability in the avatar upload endpoint /api/v1/users/user/avatar. The endpoint validates only the client-declared MIME type getClientMediaType beginning with 'image/' and does not inspect the actual file...

5.3CVSS
Exploits0References2
Nuclei
Nuclei
added 2 days ago245 views

Roxy Fileman 1.4.5 - Unrestricted File Upload

Roxy Fileman 1.4.5 is susceptible to unrestricted file upload via upload.php. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. id: CVE-2018-20526 info: name: Roxy Fileman 1.4.5 -...

9.8CVSS7.2AI score0.73056EPSS
Exploits4References5
NVD
NVD
added 3 days ago6 views

CVE-2026-9182

Esri ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload, potentially allowing for other attacks. This issue impacts a...

9.8CVSS0.00269EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41896

ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload...

5.3CVSS6.1AI score0.00269EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-9182

Esri ArcGIS Server contains an unrestricted file upload vulnerability. An unauthenticated attacker could exploit this issue by uploading a crafted file to the affected endpoint. Successful exploitation could allow arbitrary file upload, potentially allowing for other attacks. This issue impacts a...

9.8CVSS6.1AI score0.00269EPSS
Exploits0References2
CVE
CVE
added 4 days ago9 views

CVE-2026-14776

The CVE-2026-14776 entry concerns SourceCodester Onlne Examination & Learning Management System 1.0. The vulnerability centers on the function pathinfo in the file /upload_files.php within the Filename Extension component, where manipulation enables unrestricted file upload. This permits remote e...

6.5CVSS6.3AI score0.00214EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 6 days ago7 views

Adobe ColdFusion 2023.x < 2023u21 / 2025.x < 2025u10 Multiple Vulnerabilities (APSB26-68)

The version of Adobe ColdFusion installed on the remote Windows host is prior to 2023.x update 21 or 2025.x update 10. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-68 advisory. - Unrestricted Upload of File with Dangerous Type potentially leading to Arbitrary...

10CVSS7.6AI score0.03199EPSS
Exploits3References12
NVD
NVD
added 2026/06/30 4:16 p.m.10 views

CVE-2026-48276

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00917EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 4:16 p.m.6 views

CVE-2026-48283

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.0063EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 3:11 p.m.42 views

CVE-2026-48276 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00917EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 3:11 p.m.41 views

CVE-2026-48283 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.0063EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 3:11 p.m.30 views

CVE-2026-48283

CVE-2026-48283 affects ColdFusion versions 2025.9, 2023.20 and earlier. The vulnerability is an Unrestricted Upload of File with Dangerous Type (CWE-434) that can lead to arbitrary code execution in the context of the current user. Exploitation requires no user interaction and is network‑visible;...

10CVSS6.4AI score0.0063EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 11:19 a.m.35 views

CVE-2026-53691 Remote Code Execution in Redeight CMS

An Unrestricted File Upload vulnerability in Redeight CMS version 1.0 allows authenticated attackers to achieve Remote Code Execution via the POST "/admin/index.php?module=pages&mode=FileAdd" endpoint. The application fails to validate file extensions and MIME types, permitting the upload of...

8.6CVSS0.00488EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 11:19 a.m.13 views

CVE-2026-53691

CVE-2026-53691 affects Redeight CMS 1.0. An Unrestricted File Upload vulnerability allows authenticated attackers to achieve Remote Code Execution via POST /admin/index.php?module=pages&mode=FileAdd. The app fails to validate file extensions and MIME types, enabling upload of arbitrary PHP script...

8.6CVSS6.1AI score0.00488EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/30 11:19 a.m.3 views

CVE-2026-53691 Remote Code Execution in Redeight CMS

An Unrestricted File Upload vulnerability in Redeight CMS version 1.0 allows authenticated attackers to achieve Remote Code Execution via the POST "/admin/index.php?module=pages&mode=FileAdd" endpoint. The application fails to validate file extensions and MIME types, permitting the upload of...

8.6CVSS6.1AI score0.00488EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 10:16 a.m.8 views

CVE-2025-24815

Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system...

7.8CVSS0.00151EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 8:55 a.m.6 views

EUVD-2025-210369

Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system...

7.8CVSS5.8AI score0.00151EPSS
Exploits0References1
Rows per page
Query Builder