CVE-2023-53869
WEBIGniter 28.7.23 contains a file upload vulnerability that allows authenticated attackers to upload and execute dangerous PHP files through the media function. Attackers can leverage any created account to upload malicious PHP scripts that enable remote code execution on the application server...
EUVD-2025-197982
A low privileged remote attacker can upload a new or overwrite an existing Python script by using a path traversal of the target filename in PHP, resulting in remote code execution...
CVE-2025-41736 Possible arbitrary code execution
A low privileged remote attacker can upload a new or overwrite an existing Python script by using a path traversal of the target filename in PHP, resulting in remote code execution...
ClipBucket 5.5.0 Shell Upload
ClipBucket versions 5.5.0 and below suffer from a remote shell upload vulnerability. Exploit Title: ClipBucket 5.5.0 - Arbitrary File Upload; Google Dork: N/A; Date: 2025-09-11; Exploit Author: Mukundsinh Solanki r00td3str0y3r; Vendor Homepage: https://clipbucket.com; Software Link:...
EUVD-2013-7223
Malware in sbrugna...
EUVD-2020-19373
Malware in sbrugna...
EUVD-2020-29307
Malware in sbrugna...
EUVD-2021-1373
Malware in sbrugna...
EUVD-1999-0268
Malware in sbrugna...
EUVD-2008-1866
Malware in sbrugna...
EUVD-2023-29164
Malicious code in bioql PyPI...
EUVD-2022-44533
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
UnoPim is vulnerable to a stored cross-site scripting (XSS) vulnerability. The vulnerability is due to a MIME/sanitizer bypass in SVG files, which allows attackers to upload a specially crafted SVG image containing malicious script...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx
CVE-2025-57819 FreePBX Pre-Auth RCE 1day...
PT-2025-34700
Name of the Vulnerable Software and Affected Versions: WebErpMesv2 version 1.17 Description: A file upload vulnerability exists in the app/Http/Controllers/FactoryController.php controller. An authenticated attacker can upload arbitrary files, including PHP scripts. These files are accessible via...
Linux Distros Unpatched Vulnerability : CVE-2025-24801
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of .php files located on the GLPI server. This...
CVE-2025-27724
A privilege escalation vulnerability exists in the login.php functionality of meddream MedDream PACS Premium 7.3.3.840. A specially crafted .php file can lead to elevated capabilities. An attacker can upload a malicious file to trigger this vulnerability...
CVE-2025-52207
PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory...