101 matches found
CVE-2025-46616
CVE-2025-46616 affects Quantum StorNext Web GUI API and StorNext components (StorNext RYO, StorNext Xcellis Workflow Director, and ActiveScale Cold Storage) prior to version 7.2.4. The vulnerability stems from a file upload path that could enable Arbitrary Remote Code Execution (RCE). Impact is d...
CVE-2025-43946
The CVE-2025-43946 entry concerns TCPWave DDI 11.34P1C2. The issue is Remote Code Execution caused by Unrestricted File Upload combined with Path Traversal, enabling an attacker to upload files and traverse directories to execute arbitrary code. CVSSv3.1 metrics indicate a NETWORK-vector, exploit...
CVE-2020-20969
File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcanrestoreitem.php file...
CVE-2025-32118 WordPress CMP – Coming Soon & Maintenance plugin <= 4.1.14 - Remote Code Execution (RCE) vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in NiteoThemes CMP – Coming Soon & Maintenance cmp-coming-soon-maintenance allows Using Malicious Files. This issue affects CMP – Coming Soon & Maintenance: from n/a through <= 4.1.14...
CVE-2025-2012 Ashlar-Vellum Cobalt VS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
Ashlar-Vellum Cobalt VS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must...
CVE-2025-27410 PwnDoc Arbitrary File Write to RCE using Path Traversal in backup restore as admin
PwnDoc is a penetration test reporting application. Prior to version 1.2.0, the backup restore functionality is vulnerable to path traversal in the TAR entry's name, allowing an attacker to overwrite any file on the system with their content. By overwriting an included .js file and restarting the...
CVE-2021-26610
The moveuploadedfile function in godomall5 does not perform an integrity check of extension or authority when a user uploads a file. This vulnerability allows an attacker to execute arbitrary code remotely...
CVE-2024-39865
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker...
CVE-2024-11610
CVE-2024-11610 affects AutomationDirect C-More EA9/EAP9 programming software. The vulnerability stems from parsing EAP9 files, where improper validation of user-supplied data can cause memory corruption and enable remote code execution. Exploitation requires user interaction (target opens a malic...
CVE-2024-48760
GestioIP 3.5.7 has a remote code execution (RCE) via the file upload feature. An attacker can upload a malicious perlcmd.cgi that overwrites upload.cgi, enabling arbitrary commands on the server. CVSSv3.1: 9.8 (CRITICAL), AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Exploitation details appear in exploit...
[ASA-202501-1] rsync: multiple issues
Arch Linux Security Advisory ASA-202501-1. Severity: Critical. Date: 2025-01-14. CVE-ID: CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747. Package: rsync. Type: multiple issues. Remote: Yes. Link:...
CVE-2024-54724
PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Struts
🚨🚨 CVE-2024-53677-S2-067 🚨🚨 Security Notice: CVE-2024-53677...
Directory Traversal
dotnetzip is vulnerable to Directory Traversal. The vulnerability is due to improper validation of file paths during extraction in the src/Zip.Shared/ZipEntry.Extract.cs component, allowing remote attackers to execute arbitrary code...
[SECURITY] [DSA 5769-1] git security update
Debian Security Advisory DSA-5769-1, https://www.debian.org/security/, Salvatore Bonaccorso, September 13, 2024, https://www.debian.org/security/faq ...
PT-2023-28012 · Unknown · Esst Monitoring
Name of the Vulnerable Software and Affected Versions: eSST Monitoring version 2.147.1. Description: The issue is related to a remote code execution (RCE) vulnerability via the file upload function. Recommendations: For eSST Monitoring version 2.147.1, consider disabling the file upload function unt...
CVE-2021-31707
Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type...
PT-2023-8445
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.441 and earlier, including LTS 2.426.2 and earlier. Description: Jenkins is vulnerable to an arbitrary file read vulnerability through its command line interface (CLI). This flaw stems from the args4j library's expandAtFiles...
PT-2022-26739 · Ayacms · Ayacms
Name of the Vulnerable Software and Affected Versions: AyaCMS version 3.1.2 Description: The issue allows attackers to execute arbitrary code via a crafted PHP file, exploiting an arbitrary file upload vulnerability in the /admin/fst upload.inc.php component. Recommendations: For AyaCMS version...