EUVD-2024-33610

Malicious code in bioql PyPI...

EUVD-2025-29037

Malicious code in bioql PyPI...

EUVD-2024-32979

Malicious code in bioql PyPI...

EUVD-2024-43951

Malicious code in bioql PyPI...

CVE-2025-10267

NUP Portal developed by NewType Infortech has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly upload files. If the attacker manages to bypass the file extension restrictions, they could upload a webshell and execute it on the server side...

CVE-2020-21976

An arbitrary file upload in the component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands...

CVE-2025-3928

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: “Webservers can be compromised through bad actors creating and executing webshells.” Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217...

CVE-2025-21624

ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script...

CVE-2024-11311

The CVE-2024-11311 entry concerns TRCore DVC (File Upload Vulnerability). The connected documents describe a Path Traversal flaw in DVC that does not restrict uploaded file types, allowing unauthenticated remote attackers to upload arbitrary files to any directory and achieve arbitrary code execu...

PT-2024-16706 · Unknown · Grand Vice Info Webopac

Name of the Vulnerable Software and Affected Versions: Grand Vice Info Webopac versions up to 6.5.0/7.2.2 Description: The issue is related to the lack of proper file type validation in the Webopac component, allowing unauthenticated remote attackers to upload and execute webshells. This could le...

CVE-2024-4306

Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution...

CVE-2024-4306 Unrestricted Upload of File with Dangerous Type vulnerability in HubBank

Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution...

CVE-2024-4306

CVE-2024-4306 affects HubBank version 1.0.2 and is a critical unrestricted file upload vulnerability. A registered user can upload malicious PHP files through upload document fields, enabling webshell execution on the server. The connected PT-2024-30276 advisory corroborates a high-severity, clie...

CVE-2024-4306 Unrestricted Upload of File with Dangerous Type vulnerability in HubBank

Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution...

CVE-2021-42669

A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboardteacher.php, which allows changing the avatar through teacheravatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By...