Total
3758 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68910 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogzee blogzee allows Using Malicious Files.This issue affects Blogzee: from n/a through <= 1.0.5. | ||||
| CVE-2025-68986 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Miion miion allows Upload a Web Shell to a Web Server.This issue affects Miion: from n/a through <= 1.2.7. | ||||
| CVE-2025-68909 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in blazethemes Blogistic blogistic allows Using Malicious Files.This issue affects Blogistic: from n/a through <= 1.0.5. | ||||
| CVE-2025-69312 | 2 Wordpress, Xpro | 2 Wordpress, Xpro Elementor Addons | 2026-01-23 | N/A |
| Unrestricted Upload of File with Dangerous Type vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Upload a Web Shell to a Web Server.This issue affects Xpro Elementor Addons: from n/a through <= 1.4.19.1. | ||||
| CVE-2024-9932 | 1 Jurre De Klijn | 1 Wux Blog Editor | 2026-01-23 | 9.8 Critical |
| The Wux Blog Editor plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'wuxbt_insertImageNew' function in versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2024-50526 | 2 Lindeni, Mahlamusa | 2 Multi Purpose Mail Form, Multi Purpose Mail Form | 2026-01-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through 1.0.2. | ||||
| CVE-2024-51791 | 1 Madeit | 1 Forms | 2026-01-23 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through 2.8.0. | ||||
| CVE-2025-52691 | 1 Smartertools | 1 Smartermail | 2026-01-23 | 10 Critical |
| Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution. | ||||
| CVE-2023-53889 | 2 Grabaperch, Perch | 2 Perch, Perch Cms | 2026-01-23 | 7.2 High |
| Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command execution capabilities to execute arbitrary commands on the server. | ||||
| CVE-2025-15495 | 1 Biggidroid | 1 Simple Php Cms | 2026-01-22 | 4.7 Medium |
| A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/editsite.php. The manipulation of the argument image results in unrestricted upload. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-51793 | 1 Webfulcreations | 1 Computer Repair Shop | 2026-01-22 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Webful Creations Computer Repair Shop allows Upload a Web Shell to a Web Server.This issue affects Computer Repair Shop: from n/a through 3.8115. | ||||
| CVE-2023-51409 | 2 Ai Engine Project, Meowapps | 2 Ai Engine, Ai Engine | 2026-01-22 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine: ChatGPT Chatbot.This issue affects AI Engine: ChatGPT Chatbot: from n/a through 1.9.98. | ||||
| CVE-2022-50893 | 1 Viaviweb | 1 Wallpaper Admin | 2026-01-22 | 9.8 Critical |
| VIAVIWEB Wallpaper Admin 1.0 contains an unauthenticated remote code execution vulnerability in the image upload functionality. Attackers can upload a malicious PHP file through the add_gallery_image.php endpoint to execute arbitrary code on the server. | ||||
| CVE-2025-15503 | 1 Sangfor | 1 Operation And Maintenance Security Management System | 2026-01-22 | 7.3 High |
| A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0.8. The impacted element is an unknown function of the file /fort/trust/version/common/common.jsp. Performing a manipulation of the argument File results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-23499 | 1 Saleor | 1 Saleor | 2026-01-22 | N/A |
| Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing Javascript. Depending on the deployment strategy, these files may be served from the same domain as the dashboard without any restrictions leading to the execution of malicious scripts in the context of the user's browser. Malicious staff members could craft script injections to target other staff members, possibly stealing their access and/or refresh tokens. Users are vulnerable if they host the media files inside the same domain as the dashboard, e.g., dashboard is at `example.com/dashboard/` and media are under `example.com/media/`. They are not impact if media files are hosted in a different domain, e.g., `media.example.com`. Users are impacted if they do not return a `Content-Disposition: attachment` header for the media files. Saleor Cloud users are not impacted. This issue has been patched in versions: 3.22.27, 3.21.43, and 3.20.108. Some workarounds are available for those unable to upgrade. Configure the servers hosting the media files (e.g., CDN or reverse proxy) to return the Content-Disposition: attachment header. This instructs browsers to download the file instead of rendering them in the browser. Prevent the servers from returning HTML and SVG files. Set-up a `Content-Security-Policy` for media files, such as `Content-Security-Policy: default-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none';`. | ||||
| CVE-2024-47259 | 1 Axis | 2 Axis Os, Axis Os 2024 | 2026-01-22 | 3.5 Low |
| Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files to the Axis device with the purpose to exhaust system resources. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2025-66802 | 1 Covid-19 Contact Tracing System Project | 1 Covid-19 Contact Tracing System | 2026-01-22 | 9.8 Critical |
| Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RCE (Remote Code Execution). The application receives a reverse shell (php) into imagem of the user enabling RCE. | ||||
| CVE-2026-24034 | 1 Horilla | 1 Horilla | 2026-01-22 | 5.4 Medium |
| Horilla is a free and open source Human Resource Management System (HRMS). In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and content-type are not checked during the profile photo update step. Version 1.5.0 fixes the issue. | ||||
| CVE-2025-66837 | 1 Softwareag | 1 Aris | 2026-01-21 | 6.8 Medium |
| A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware | ||||
| CVE-2025-46068 | 1 Automai | 1 Director | 2026-01-21 | 8.8 High |
| An issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the update mechanism | ||||