1057 matches found
Simple Employee Records System 1.0 - Unrestricted File Upload
Simple Employee Records System 1.0 contains an arbitrary file upload vulnerability due to client-side validation of file extensions. This can be used to upload executable code to the server to obtain access or perform remote command execution. id: CVE-2019-20183 info: name: Simple Employee Record...
Citrix ShareFile StorageZones Controller - Unauthenticated Remote Code Execution
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. id: CVE-2023-24489 info: name: Citrix ShareFile StorageZones...
Apache Flink 1.5.1 - Local File Inclusion
Apache Flink 1.5.1 is vulnerable to local file inclusion because of a REST handler that allows file uploads to an arbitrary location on the local file system through a maliciously modified HTTP HEADER. id: CVE-2020-17518 info: name: Apache Flink 1.5.1 - Local File Inclusion author: pdteam severit...
VMware View Planner <4.6 SP1- Remote Code Execution
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability due to improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could...
Joomla! Component GMapFP 3.5 - Arbitrary File Upload
Joomla! Component GMapFP 3.5 is vulnerable to arbitrary file upload vulnerabilities. An attacker can access the upload function of the application without authentication and can upload files because of unrestricted file upload which can be bypassed by changing Content-Type & name file too double...
Atom CMS v2.0 - Remote Code Execution
Atom CMS v2.0 was discovered to contain a remote code execution RCE vulnerability via /admin/uploads.php. id: CVE-2022-25487 info: name: Atom CMS v2.0 - Remote Code Execution author: theamanrawat severity: critical description: | Atom CMS v2.0 was discovered to contain a remote code execution RCE...
WordPress Contact Form 7 <1.3.3.3 - Remote Code Execution
WordPress Contact Form 7 before 1.3.3.3 allows unrestricted file upload and remote code execution by setting supportedtype to php% and uploading a .php% file. id: CVE-2020-12800 info: name: WordPress Contact Form 7 1.3.3.3 - Remote Code Execution author: dwisiswant0 severity: critical description...
Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command Execution
Aviatrix Controller 6.x before 6.5-1804.1922 contains a vulnerability that allows unrestricted upload of a file with a dangerous type, which allows an unauthenticated user to execute arbitrary code via directory traversal. id: CVE-2021-40870 info: name: Aviatrix Controller 6.x before 6.5-1804.192...
Elementor Website Builder - Remote Code Execution
The Elementor Website Builder plugin for WordPress versions 3.6.0 to 3.6.2 are vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the /core/app/modules/onboarding/module.php file. This makes it possible for attackers to modify site data and upload...
Security Bulletin: Due to IBM Storage Scale, IBM Cloud Pak System is affected by multiple vulnerabilities [CVE-2025-48976, CVE-2025-30204, CVE-2025-1137].
Summary Execute privileged command and denial of service vulnerabilities found in IBM Storage Scale previously known as IBM Spectrum Scale affect IBM Cloud Pak System. These vulnerabilities were addressed in IBM Cloud Pak System v2.3.6.1 and IBM Cloud Pak System v2.3.5.1 Vulnerability Details...
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak System
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak System version 2.3.6.1 and IBM Cloud Pak System version 2.3.5.1. Vulnerability Details CVEID:CVE-2025-0395 DESCRIPTION: When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for...
Juniper Devices - Remote Code Execution
Multiple cves in Juniper Network CVE-2023-36844|CVE-2023-36845|CVE-2023-36846|CVE-2023-36847.A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environments variables...
WordPress wpDiscuz <=7.0.4 - Remote Code Execution
WordPress wpDiscuz plugin versions version 7.0 through 7.0.4 are susceptible to remote code execution. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site's server. id: CVE-2020-24186 info: nam...
EUVD-2026-39108
Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within FileUpload.php. T...
CVE-2026-9772 Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability
Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within FileUpload.php. T...
CVE-2026-9772
Unraid Web Server FileUpload Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within FileUpload.php. T...
PT-2026-52119
Name of the Vulnerable Software and Affected Versions Unraid Web Server affected versions not specified Description A command injection flaw in the FileUpload.php file allows authenticated remote attackers to execute arbitrary code in the context of the www-data user. The issue is caused by...
ROOT-APP-MAVEN-CVE-2025-48976 CVE-2025-48976 in io.root.commons-fileupload:commons-fileupload - Patched by Root
Root has patched CVE-2025-48976 in the io.root.commons-fileupload:commons-fileupload package for Root:Maven. Multiple fixed versions available...
WordPress File Manager Plugin - Remote Code Execution
The WordPress File Manager plugin prior to version 6.9 is susceptible to remote code execution. The vulnerability allows unauthenticated remote attackers to upload .php files. id: CVE-2020-25213 Uploaded file will be accessible at:-...
FortiLogger 4.4.2.2 - Arbitrary File Upload
FortiLogger 4.4.2.2 is affected by arbitrary file upload issues. Attackers can send a "Content-Type: image/png" header to Config/SaveUploadedHotspotLogoFile and then Assets/temp/hotspot/img/logohotspot.asp. id: CVE-2021-3378 info: name: FortiLogger 4.4.2.2 - Arbitrary File Upload author:...