Lucene search

2191 matches found

OSV
added 2025/08/12 3:57 p.m. · 6 views

CVE-2025-55010 Kanboard Authenticated Admin Remote Code Execution via Unsafe Deserialization of Events

Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects by modifying the event"data" field in the...

CVSS 9.1 · AI score 8 · EPSS 0.0087
Exploits 1 · References 5
Positive Technologies
added 2025/08/12 12:0 a.m. · 8 views

PT-2025-32686 · Kanboard · Kanboard

Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.47 Description: Kanboard is project management software based on the Kanban methodology. A deserialization issue in ProjectEventActvityFormatter allows administrators to instantiate arbitrary PHP objects by...

CVSS 9.1 · AI score 8.4 · EPSS 0.0087
Exploits 1 · References 9
Positive Technologies
added 2025/08/04 12:0 a.m. · 13 views

PT-2025-31863 · Unknown · Unisite Cms

Name of the Vulnerable Software and Affected Versions: Unisite CMS version 5.0 Description: Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report" functionality. A malicious script submitted by an attacker is rendered in the admin panel when viewed by an...

CVSS 9.6 · AI score 6.1 · EPSS 0.00536
Exploits 1 · References 6
Cvelist
added 2025/08/04 12:0 a.m. · 11 views

CVE-2025-50754

Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report" functionality. A malicious script submitted by an attacker is rendered in the admin panel when viewed by an administrator. This allows attackers to hijack the admin session and, by leveraging the...

EPSS 0.00536
Exploits 1 · References 1
RedhatCVE
added 2025/08/02 8:23 p.m. · 6 views

CVE-2014-125126

An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header access=3 with HTTP requests. The application’s upload mechanism fails to restrict file types and does not...

CVSS 9.2 · AI score 8 · EPSS 0.0152
Exploits 0 · References 1
RedhatCVE
added 2025/08/02 8:22 p.m. · 5 views

CVE-2025-8323

The e-School from Ventem has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 8.8 · AI score 7.7 · EPSS 0.00543
Exploits 0 · References 1
CVE
added 2025/07/31 3:1 p.m. · 19 views

CVE-2014-125126

CVE-2014-125126 affects Simple E-Document versions 3.0–3.1. The vulnerability arises from an unrestricted file upload mechanism that does not validate file types or sanitize input, enabling an unauthenticated attacker to upload malicious PHP scripts. Authentication can be bypassed by sending a cr...

CVSS 9.2 · AI score 8.1 · EPSS 0.0152
Exploits 0 · References 4
Cvelist
added 2025/07/30 2:54 a.m. · 8 views

CVE-2025-8323 Ventem|e-School - Arbitrary File Upload

The e-School from Ventem has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 8.8 · EPSS 0.00543
Exploits 0 · References 2
Positive Technologies
added 2025/07/30 12:0 a.m. · 5 views

PT-2025-31375 · Ventem · E-School

Name of the Vulnerable Software and Affected Versions: e-School from Ventem affected versions not specified Description: The e-School from Ventem has an Arbitrary File Upload vulnerability. This allows unauthenticated remote attackers to upload and execute web shell backdoors, enabling arbitrary...

CVSS 8.8 · AI score 7.5 · EPSS 0.00543
Exploits 0 · References 10
RedhatCVE
added 2025/07/26 1:15 p.m. · 11 views

CVE-2025-5243

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information...

CVSS 10 · AI score 5.5 · EPSS 0.01536
Exploits 0 · References 1
RedhatCVE
added 2025/07/25 6:27 a.m. · 21 views

CVE-2025-54443

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server. This issue affects MagicINFO 9 Server: less than 21.1080.0...

CVSS 9.8 · AI score 6.4 · EPSS 0.00575
Exploits 0 · References 1
RedhatCVE
added 2025/07/25 6:27 a.m. · 15 views

CVE-2025-54438

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server. This issue affects MagicINFO 9 Server: less than 21.1080.0...

CVSS 9.8 · AI score 6.4 · EPSS 0.00616
Exploits 0 · References 1
RedhatCVE
added 2025/07/25 6:26 a.m. · 16 views

CVE-2025-54446

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server. This issue affects MagicINFO 9 Server: less than 21.1080.0...

CVSS 9.8 · AI score 6.4 · EPSS 0.00616
Exploits 0 · References 1
GithubExploit
added 2025/07/24 4:19 p.m. · 97 views

Exploit for Deserialization of Untrusted Data in Microsoft

SharePoint "ToolShell" RCE Exploit CVE-2025-53770 Overvi...

CVSS 9.8 · AI score 9.3 · EPSS 0.99982
Exploits 41
ATTACKERKB
added 2025/07/24 12:45 p.m. · 5 views

CVE-2025-5243

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information...

CVSS 10 · AI score 5.5 · EPSS 0.01536
Exploits 0 · References 3
CVE
added 2025/07/24 12:45 p.m. · 26 views

CVE-2025-5243

CVE-2025-5243 affects SMG Software Information Portal. Affected versions before 13.06.2025 are vulnerable to unrestricted file upload and improper neutralization of special elements in OS command contexts, enabling code injection and potential upload of a web shell leading to code inclusion. The ...

CVSS 10 · AI score 5.3 · EPSS 0.01536
Exploits 0 · References 2
Cvelist
added 2025/07/24 12:45 p.m. · 10 views

CVE-2025-5243 Arbitrary File Upload in SMG Software's Information Portal

Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in SMG Software Information Portal allows Code Injection, Upload a Web Shell to a Web Server, Code Inclusion. This issue affects Information...

CVSS 10 · EPSS 0.01536
Exploits 0 · References 2
Positive Technologies
added 2025/07/24 12:0 a.m. · 4 views

PT-2025-30665

Name of the Vulnerable Software and Affected Versions: SMG Software Information Portal versions prior to 13.06.2025 Description: The software contains an unrestricted file upload and improper neutralization of special elements used in an OS command vulnerability, potentially leading to code injecti...

CVSS 10 · AI score 5.6 · EPSS 0.01536
Exploits 0 · References 8
RedhatCVE
added 2025/07/23 7:3 a.m. · 13 views

CVE-2025-7917

WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability, allowing remote attackers with administrator privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 8.6 · AI score 8.4 · EPSS 0.00547
Exploits 0 · References 1
NVD
added 2025/07/23 6:15 a.m. · 6 views

CVE-2025-54446

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server. This issue affects MagicINFO 9 Server: less than 21.1080.0...

CVSS 9.8 · EPSS 0.00616
Exploits 0 · References 1