| 2025-03-19 | CVE-2024-45644 | IBM Security ReaQta 3.12 allows a privileged user to upload or transfer files of dangerous types that can be automatically processed within the product's environment. | 4.7 |
| 2025-03-19 | CVE-2025-2512 | The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all versions up to, and including, 3.9.9.0.1. network low complexity CWE-434 critical | 9.8 |
| 2025-03-17 | CVE-2025-2396 | The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. | 8.8 |
| 2025-03-16 | CVE-2025-2350 | A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. | 6.3 |
| 2025-03-12 | CVE-2025-2219 | A vulnerability was found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. | 7.3 |
| 2025-03-12 | CVE-2025-2216 | A vulnerability, which was classified as critical, has been found in zzskzy Warehouse Refinement Management System 1.3. | 6.3 |
| 2025-03-08 | CVE-2024-13359 | Unrestricted Upload of File with Dangerous Type vulnerability in Tychesoftwares Product Input Fields for Woocommerce
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the add_product_input_fields_to_order_item_meta() function in all versions up to, and including, 1.12.0. | 9.8 |
| 2025-03-08 | CVE-2024-13882 | Unrestricted Upload of File with Dangerous Type vulnerability in Coderevolution Aiomatic 1.9.4
The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aiomatic_generate_featured_image' function in all versions up to, and including, 2.3.8. | 8.8 |
| 2025-03-08 | CVE-2024-13908 | Unrestricted Upload of File with Dangerous Type vulnerability in Bestwebsoft Smtp
The SMTP by BestWebSoft plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' function in all versions up to, and including, 1.1.9. | 7.2 |
| 2025-03-06 | CVE-2025-2035 | A vulnerability was found in s-a-zhd Ecommerce-Website-using-PHP 1.0 and classified as critical. | 6.3 |