EUVD-2023-35530

Malicious code in bioql PyPI...

CVE-2025-7895 harry0703 MoneyPrinterTurbo File Extension video.py upload_bgm_file unrestricted upload

A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function uploadbgmfile of the file app/controllers/v1/video.py of the component File Extension Handler. The manipulation of the argument File leads to unrestricted upload. It i...

CVE-2025-7755

CVE-2025-7755 affects code-projects Online Ordering System 1.0. The vulnerability resides in the processing of the file parameter in /admin/edit_product.php, where manipulation of the image argument enables unrestricted file uploads. This could allow remote attackers to upload arbitrary files, po...

CVE-2025-7412

A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/student/profile.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The...

CVE-2025-7181

CVE-2025-7181 affects code-projects Staff Audit System 1.0. The vulnerability is in an unknown function of /test.php where manipulating the uploadedfile parameter enables unrestricted file uploads, allowing remote exploitation. Public exploit information exists in the CVE description. Several sou...

CVE-2025-3566

A vulnerability, which was classified as critical, has been found in veal98 小牛肉 Echo 开源社区系统 4.2. This issue affects the function uploadMdPic of the file /discuss/uploadMdPic. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack may be initiated remotely. T...

CVE-2024-49668

CVE-2024-49668 – Verbalize WP (WordPress plugin) Arbitrary File Upload . Affected: Verbalize WP up to version 1.0. Description: Unrestricted Upload of File with Dangerous Type could allow a Web Shell upload to the server. Sources/verification: Wordfence Intelligence vulnerability entry notes Unpa...

CVE-2024-49327

Unrestricted Upload of File with Dangerous Type vulnerability in bepitulaz Woostagram Connect woostagram-connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through = 1.0.2...

CVE-2024-47319

Unrestricted Upload of File with Dangerous Type vulnerability in Bit Apps Bit Form bit-form.This issue affects Bit Form: from n/a through = 2.13.10...

CVE-2024-31411

Unrestricted Upload of File with dangerous type vulnerability in Apache StreamPipes. Such a dangerous type might be an executable file that may lead to a remote code execution RCE. The unrestricted upload is only possible for authenticated and authorized users. This issue affects Apache...

CVE-2024-27957

Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register.This issue affects Pie Register: from n/a through 3.8.3.1...

Pimcore contains Unrestricted Upload of File with Dangerous Type

Impact The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature p.e. GIF89 and sending any invalid content-type. This could allow an authenticated attacker to uplo...

CVE-2022-0472 Unrestricted Upload of File with Dangerous Type in jsdecena/laracom

Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9...

Exploit for Unrestricted Upload of File with Dangerous Type in Microsoft

ProxyShell Proof of Concept Exploit for Microsoft Exchange CVE...

Unrestricted file upload

Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file...

D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities

D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ D-Link Central WiFiManager Software Controller Multiple Vulnerabilities 1. Advisory Information Title: D-Link Central WiFiManager Software Controller...

D-Link Central WiFiManager Software Controller Code Execution / XSS Exploit

D-Link Central WiFiManager Software Controller suffers from hard-coded credential, code execution, and cross site scripting vulnerabilities. Version 1.03 is affected. D-Link Central WiFiManager Software Controller Multiple Vulnerabilities 1. Advisory Information Title: D-Link Central WiFiManager...