CVE-2023-40731

A vulnerability has been identified in QMS Automotive All versions V12.39. The affected application allows users to upload arbitrary file types. This could allow an attacker to upload malicious files, that could potentially lead to code tampering...

EUVD-2020-28189

Malware in sbrugna...

EUVD-2022-30242

Malicious code in bioql PyPI...

EUVD-2024-35344

Malicious code in bioql PyPI...

EUVD-2025-22427

Malicious code in bioql PyPI...

EUVD-2023-28326

Malicious code in bioql PyPI...

EUVD-2025-10961

Malicious code in bioql PyPI...

CVE-2025-8323

The e-School from Ventem has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVE-2025-54448

Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0...

CVE-2025-29093

File Upload vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Content/Gallery/Images component...

CVE-2024-28424

zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpicklematerializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2024-28190

Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files back end and front end, which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 an...

CVE-2024-53345

An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file...

CVE-2023-37692

An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file...

CVE-2022-29353

An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename...

CVE-2025-29281

CVE-2025-29281 affects PerfreeBlog 4.0.11, where an arbitrary file upload vulnerability in the attach component lets regular users upload files and execute code within them. The CVSS v3.1 vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H with a base score of 8.8 (HIGH). Exploitation is descr...

CVE-2024-57728

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file i.e. zip slip. This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user...

CVE-2022-45185

An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserialization can be used to achieve code execution...

PT-2024-22427 · Zenml · Zenml

Name of the Vulnerable Software and Affected Versions: zenml version 0.55.4 Description: The issue allows attackers to execute arbitrary code via uploading a crafted file, exploiting an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle materializer.py...

CVE-2023-40731

A vulnerability has been identified in QMS Automotive All versions V12.39. The affected application allows users to upload arbitrary file types. This could allow an attacker to upload malicious files, that could potentially lead to code tampering...