
210 matches found

Cvelist
added 2025/12/23 12:0 a.m. | 21 views

CVE-2025-51511

Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads...

EPSS 0.00328
Exploits: 1 | References: 1

OSV
added 2025/12/22 10:16 p.m. | 5 views

CVE-2023-53979

MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass avatar upload restrictions and execute arbitrary code. Attackers can modify upload path settings, upload a malicious PHP-embedded image file, and execute commands through the language configuration...

CVSS 8.6 | AI score 6.1 | EPSS 0.01497
Exploits: 1 | References: 5

CVE
added 2025/12/22 9:35 p.m. | 11 views

CVE-2023-53979

Summary of the vulnerability (CVE-2023-53979) : MyBB 1.8.32 contains a chained vulnerability that authenticated administrators can exploit to bypass avatar upload restrictions and achieve remote code execution. The attack leverages the ability to modify upload path settings, upload a PHP-embedded...

CVSS 8.8 | AI score 7.2 | EPSS 0.00703
Exploits: 1 | References: 5 | Affected Software: 1

Packet Storm
added 2025/12/18 12:0 a.m. | 476 views

C‑Bitrix 25.100.500 Translate Module Arbitrary File Upload

C‑Bitrix version 25.100.500 proof of concept exploit that demonstrates an arbitrary file upload vulnerability in the translate module. Title: C‑Bitrix...

AI score 7.2 | EPSS 0.01549
Exploits: 4

RedhatCVE
added 2025/12/08 3:9 a.m. | 7 views

CVE-2025-14182

A vulnerability has been found in Sobey Media Convergence System 2.0/2.1. This vulnerability affects unknown code of the file /sobey-mchEditor/watermark/upload. The manipulation of the argument File leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to t...

CVSS 9.8 | AI score 6.8 | EPSS 0.00378
Exploits: 0 | References: 1

EUVD
added 2025/12/05 6:31 p.m. | 4 views

EUVD-2025-201418

Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server's UPLOADPATH and passed to File.delete without validation. A remote...

CVSS 8.1 | AI score 6.5 | EPSS 0.00693
Exploits: 1 | References: 2

OSV
added 2025/12/05 5:16 p.m. | 4 views

CVE-2025-65879

Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server's UPLOADPATH and passed to File.delete without validation. A remote...

CVSS 8.1 | AI score 6
Exploits: 0 | References: 1

NVD
added 2025/12/05 5:16 p.m. | 16 views

CVE-2025-65879

Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server's UPLOADPATH and passed to File.delete without validation. A remote...

CVSS 8.1 | EPSS 0.00693
Exploits: 1 | References: 1

OSV
added 2025/12/05 4:15 p.m. | 4 views

CVE-2025-65897

zdhweb is a data collection, processing, monitoring, scheduling, and management platform. In zdhweb thru 5.6.17, insufficient validation of file upload paths in the application allows an authenticated user to write arbitrary files to the server file system, potentially overwriting existing files...

CVSS 8.8 | AI score 8.3 | EPSS 0.00658
Exploits: 0 | References: 4

Cvelist
added 2025/12/05 12:0 a.m. | 25 views

CVE-2025-65879

Warehouse Management System 1.2 contains an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server's UPLOADPATH and passed to File.delete without validation. A remote...

EPSS 0.00693
Exploits: 1 | References: 1

Positive Technologies
added 2025/12/05 12:0 a.m. | 6 views

PT-2025-49258

Name of the Vulnerable Software and Affected Versions: Warehouse Management System version 1.2. Description: The software contains an authenticated arbitrary file deletion issue. The /goods/deleteGoods API endpoint accepts a user-controlled goodsimg parameter. This parameter is directly concatenated...

CVSS 8.1 | AI score 6.7 | EPSS 0.00693
Exploits: 1 | References: 6

CVE
added 2025/12/05 12:0 a.m. | 12 views

CVE-2025-65879

Warehouse Management System 1.2 is affected by an authenticated arbitrary file deletion vulnerability. The /goods/deleteGoods endpoint accepts a user-controlled goodsimg parameter, which is directly concatenated with the server’s UPLOAD_PATH and passed to File.delete(...

CVSS 8.1 | AI score 6.6 | EPSS 0.00693
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2025/12/05 12:0 a.m. | 5 views

zdh_web security vulnerability

zdhweb is a big data collection and extraction platform from the individual developer zhaoyachao. A security vulnerability exists in zdhweb version 5.6.17 and earlier, which stems from insufficient file upload path validation, and may result in an authenticated user writing to an arbitrary file...

CVSS 8.8 | AI score 6.6 | EPSS 0.00658
Exploits: 0 | References: 5

CVE
added 2025/12/05 12:0 a.m. | 12 views

CVE-2025-65897

CVE-2025-65897 affects zdh_web up to version 5.6.17. The issue is insufficient validation of file upload paths, allowing an authenticated user to write arbitrary files to the server filesystem, potentially overwriting files and enabling privilege escalation or remote code execution. Multiple sour...

CVSS 8.8 | AI score 8 | EPSS 0.00658
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2025/12/03 2:32 p.m. | 9 views

CVE-2025-13949 ProudMuBai GoFilm FileController.go SingleUpload unrestricted upload

A vulnerability was identified in ProudMuBai GoFilm 1.0.0/1.0.1. Impacted is the function SingleUpload of the file /server/controller/FileController.go. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available and...

CVSS 6.5 | AI score 6.5 | EPSS 0.00209
Exploits: 0 | References: 4

CVE
added 2025/11/26 12:37 a.m. | 14 views

CVE-2025-66254

The CVE-2025-66254 entry concerns DB Electronica Mozart FM Transmitter hardware/software family (versions 30–7000). The vulnerability stems from an unauthenticated deleteupgrade parameter in /var/www/upgrade_contents.php, which allows deletion of arbitrary files in /var/www/upload/ without extens...

CVSS 9.1 | AI score 6.8 | EPSS 0.00335
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/11/26 12:37 a.m. | 4 views

CVE-2025-66254 Unauthenticated Arbitrary File Deletion (upgrade_contents.php)

Unauthenticated Arbitrary File Deletion (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deleteupgrade parameter allows unauthenticated deletion of arbitrary...

CVSS 7.8 | AI score 6.8 | EPSS 0.00335
Exploits: 1 | References: 1

EUVD
added 2025/11/21 7:31 a.m. | 2 views

EUVD-2025-198389

The WP AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 2.0. This is due to the wpaguploadaudiocallback AJAX handler not properly validating user-supplied file paths in the audioupload...

CVSS 8.1 | AI score 6.9 | EPSS 0.0055
Exploits: 0 | References: 5

EUVD
added 2025/11/18 6:30 a.m. | 6 views

EUVD-2025-197911

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

CVSS 8.1 | AI score 7.2 | EPSS 0.00585
Exploits: 0 | References: 5

OSV
added 2025/11/18 4:15 a.m. | 5 views

CVE-2025-12974

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

CVSS 8.1 | AI score 6.5 | EPSS 0.00585
Exploits: 0 | References: 4