Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,095)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-15360 1Newbee Ltd 1Newbee Mall Plus Apr 29, 2026 Dec 30, 2025 2.0 LOW· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability was determined in newbee-mall-plus 2.0.0. This impacts the function Upload of the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java of the component Product Information Edit Page....Show more A vulnerability was determined in newbee-mall-plus 2.0.0. This impacts the function Upload of the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java of the component Product Information Edit Page. This manipulation of the argument File causes unrestricted upload. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-15262 1Biggidroid 1Simple Php Cms Apr 29, 2026 Dec 30, 2025 2.0 LOW· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing a manipulation of the argument image resul...Show more A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing a manipulation of the argument image results in unrestricted upload. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.Show less
CVE-2025-68562 - - Apr 28, 2026 Dec 29, 2025 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through 8.7.3.
CVE-2024-27480 1Vvveb 1Vvvebjs Jan 2, 2026 Dec 29, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 givanz VvvebJs 1.7.2 is vulnerable to Insecure File Upload.
CVE-2024-25182 1Vvveb 1Vvvebjs Jan 2, 2026 Dec 29, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save.php.
CVE-2025-15199 1Code Projects 1College Notes Uploading System Apr 29, 2026 Dec 29, 2025 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unre...Show more A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.Show less
CVE-2025-55061 - - Dec 31, 2025 Dec 29, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 CWE-434 Unrestricted Upload of File with Dangerous Type
CVE-2025-15197 2Anirbandutta Code Projects 2Content Management System News Buzz Apr 29, 2026 Dec 29, 2025 2.0 LOW· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the arg...Show more A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.Show less
CVE-2025-57460 1Machsol 1Machpanel Dec 31, 2025 Dec 29, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 File upload vulnerability in machsol machpanel 8.0.32 allows attacker to gain a webshell.
CVE-2025-15228 1Welltend 1Bpmflowwebkit Dec 31, 2025 Dec 29, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on...Show more BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.Show less
CVE-2025-15226 1Sun.net 1Wmpro Dec 31, 2025 Dec 29, 2025 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 WMPro developed by Sunnet has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
CVE-2025-52691 1Smartertools 1Smartermail Jan 27, 2026 Dec 29, 2025 N/A· v4 10.0 CRITICAL· v3 N/A· v2 Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
CVE-2025-15067 - - Dec 29, 2025 Dec 29, 2025 8.5 HIGH· v4 7.7 HIGH· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Innorix Innorix WP allows Upload a Web Shell to a Web Server.This issue affects Innorix WP from All versions If the "exam" directory exists under the direc...Show more Unrestricted Upload of File with Dangerous Type vulnerability in Innorix Innorix WP allows Upload a Web Shell to a Web Server.This issue affects Innorix WP from All versions If the "exam" directory exists under the directory where the product is installed (ex: innorix/exam)Show less
CVE-2025-15152 - - Dec 29, 2025 Dec 28, 2025 5.3 MEDIUM· v4 6.3 MEDIUM· v3 6.5 MEDIUM· v2 A vulnerability was identified in h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa. This vulnerability affects the function addProduct of the file src/main/java/com/ms/product/controller/PmsProductControl...Show more A vulnerability was identified in h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa. This vulnerability affects the function addProduct of the file src/main/java/com/ms/product/controller/PmsProductController.java. Such manipulation of the argument objectName leads to unrestricted upload. The attack may be performed from remote. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.Show less
CVE-2025-15110 1Jackq 1Xcms Apr 29, 2026 Dec 27, 2025 2.0 LOW· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. Affected is the function Upload of the file Admin/Home/Controller/ProductImageController.class.php of the component Backend. Su...Show more A vulnerability has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. Affected is the function Upload of the file Admin/Home/Controller/ProductImageController.class.php of the component Backend. Such manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.Show less
CVE-2025-15109 - - Apr 29, 2026 Dec 27, 2025 5.5 MEDIUM· v4 7.3 HIGH· v3 7.5 HIGH· v2 A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an unknown function of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. This manipulation causes unres...Show more A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an unknown function of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit has been published and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.Show less
CVE-2025-2155 - - Jun 6, 2026 Dec 24, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion. This issue affects Specto CM: before 17032025.
CVE-2025-15050 1Fabian 1Student File Management System Apr 29, 2026 Dec 24, 2025 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A security vulnerability has been detected in code-projects Student File Management System 1.0. This affects an unknown part of the file /save_file.php. Such manipulation of the argument File leads to unrestricted upload...Show more A security vulnerability has been detected in code-projects Student File Management System 1.0. This affects an unknown part of the file /save_file.php. Such manipulation of the argument File leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.Show less
CVE-2025-51511 1Cadmium Cms 1Cadmium Cms Jan 6, 2026 Dec 23, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads.
CVE-2023-53980 1Projectsend 1Projectsend Dec 26, 2025 Dec 22, 2025 8.7 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the u...Show more ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server.Show less

Previous 1...202122...205 Next