39 matches found
CVE-2023-40731
A vulnerability has been identified in QMS Automotive All versions V12.39. The affected application allows users to upload arbitrary file types. This could allow an attacker to upload malicious files, that could potentially lead to code tampering...
PT-2025-46574
Name of the Vulnerable Software and Affected Versions: a+HRD and a+HCM, affected versions not specified. Description: The a+HRD and a+HCM applications developed by aEnrich are susceptible to a Stored Cross-Site Scripting issue. Authenticated remote attackers can upload files containing...
EUVD-2020-28189
Malware in sbrugna...
EUVD-2022-30242
Malicious code in bioql PyPI...
EUVD-2025-22427
Malicious code in bioql PyPI...
EUVD-2024-35344
Malicious code in bioql PyPI...
EUVD-2023-28326
Malicious code in bioql PyPI...
EUVD-2025-10961
Malicious code in bioql PyPI...
CVE-2012-10062
CVE-2012-10062 affects XAMPP 1.7.3 with default WebDAV configuration, where the WebDAV service at /webdav/ accepts HTTP PUT using default credentials, allowing remote authenticated attackers to upload a PHP payload and trigger execution via a GET request, resulting in remote code execution on the...
Trend Micro Apex One OS Command Injection Vulnerability
Trend Micro Apex One Management Console on-premise contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations...
CVE-2025-54948
A vulnerability in Trend Micro Apex One on-premise management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations...
CVE-2025-54987
A vulnerability in Trend Micro Apex One on-premise management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is essentially the same as CVE-2025-54948 but targets a different CPU architecture...
CVE-2025-8323
The e-School from Ventem has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2025-54448
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0...
CVE-2025-29093
File Upload vulnerability in Motivian Content Management System v.41.0.0 allows a remote attacker to execute arbitrary code via the Content/Gallery/Images component...
CVE-2024-28424
zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpicklematerializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-28190
Contao is an open source content management system. Starting in version 4.0.0 and prior to version 4.13.40 and 5.3.4, users can inject malicious code in filenames when uploading files in the back end and front end, which is then executed in tooltips and popups in the back end. Contao versions 4.13.40 an...
CVE-2024-53345
An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2023-37692
An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file...
CVE-2022-43146
An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...