17 matches found
EUVD-2018-8240
Malware in sbrugna...
EUVD-2006-0177
Malware in sbrugna...
EUVD-2024-25521
Malicious code in bioql PyPI...
PT-2025-33851 · Logicdata · Logicdata Ecommerce Framework
Name of the Vulnerable Software and Affected Versions: LogicData eCommerce Framework version 5.0.9.7000 Description: An authenticated arbitrary file upload issue exists in the Content Explorer feature. This allows attackers to execute arbitrary code by uploading a crafted file. Recommendations: A...
CVE-2025-6079
CVE-2025-6079 affects the School Management System for WordPress plugin (WordPress). It enables authenticated attackers with Student-level access or higher to upload arbitrary files due to missing file type validation in homework.php, across all versions up to 93.2.0. The vulnerability could pote...
CVE-2025-34083
An unrestricted file upload vulnerability exists in the WordPress AIT CSV Import/Export plugin ≤ 3.0.3. The plugin exposes an upload handler at upload-handler.php that allows arbitrary file upload via a multipart/form-data POST request. This endpoint does not enforce authentication or content-typ...
CVE-2022-40921
DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/filemanagecontrol.php...
CVE-2022-28528
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content=media=edit...
CVE-2021-27459
A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The webserver of the affected products allows unvalidated files to be uploaded, which an attacker could utilize to execute arbitrary code...
CVE-2020-5237
Multiple relative path traversal vulnerabilities in the oneup/uploader-bundle before 1.9.3 and 2.1.5 allow remote attackers to upload, copy, and modify files on the filesystem, potentially leading to arbitrary code execution, via the (1) filename parameter to BlueimpController.php; the (2) dzchunkindex...
CVE-2024-53345
An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file...
PT-2024-34410 · WordPress · Wp-Emember
Name of the Vulnerable Software and Affected Versions: wp-eMember WordPress plugin versions prior to 10.6.6 Description: The issue concerns the lack of file validation for uploads, potentially allowing administrators to upload arbitrary files, including PHP files, to the server. Recommendations:...
CVE-2024-40545
An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...
ModelDB Path Traversal Vulnerability
ModelDB is an open source system for machine learning model version control, metadata and experiment management, open-sourced by VertaAI. ModelDB suffers from a path traversal vulnerability that arises from improper cleaning of user-supplied file paths in the file upload function. This vulnerabilit...
Juniper Networks Junos OS EX Access Control Error Vulnerability
Juniper Networks Junos OS EX is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS EX is vulnerable to an access control error vulnerability that arises from the...
CVE-2023-29657
eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code executions...
Immunity Canvas: WPDM_FILEUPLOAD
Name | wpdmfileupload
---|---
CVE | CWE-434
Exploit Pack | CANVAS
Description | wpdmfileupload
Notes | CVE Name: CWE-434 VENDOR: wpeden.com Changelog: Notes: WordPress Download Manager WPDM 2.6.92 allows for authenticated users admin, editor, author, contributor, subscriber to delete and upload...