VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Unrestricted Upload of File with Dangerous Type
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-05-12
CVE-2025-4556
The web management interface of Okcat Parking Management Platform from ZONG YU has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
network
low complexity
CWE-434
critical
9.8
9.8
2025-05-09
CVE-2025-4403
The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6 due to accepting a user-supplied supported_type string and the uploaded filename without enforcing real extension or MIME checks within the upload() function.
network
low complexity
CWE-434
critical
9.8
9.8
2025-05-09
CVE-2024-11617
The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'zetra_languageUpload' and 'zetra_fontsUpload' functions in all versions up to, and including, 1.0.
network
low complexity
CWE-434
critical
9.8
9.8
2025-05-09
CVE-2025-3455
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'start_restore' function in all versions up to, and including, 2.2.
network
low complexity
CWE-434
8.8
8.8
2025-05-09
CVE-2025-4468
Unrestricted Upload of File with Dangerous Type vulnerability in Senior-Walter Online Student Clearance System 1.0
A vulnerability was found in SourceCodester Online Student Clearance System 1.0.
network
low complexity
senior-walter
CWE-434
critical
9.8
9.8
2025-05-07
CVE-2025-47549
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Ultimate Before After Image Slider & Gallery
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF allows Upload a Web Shell to a Web Server. This issue affects BEAF: from n/a through 4.6.10.
network
low complexity
themefic
CWE-434
7.2
7.2
2025-05-07
CVE-2025-47550
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio allows Upload a Web Shell to a Web Server. This issue affects Instantio: from n/a through 3.3.16.
network
low complexity
themefic
CWE-434
7.2
7.2
2025-05-06
CVE-2025-0984
Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netoloji Software E-Flow allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS, File Content Injection.This issue affects E-Flow: before 3.23.00.
network
low complexity
CWE-434
8.2
8.2
2025-05-06
CVE-2025-40625
Unrestricted Upload of File with Dangerous Type vulnerability in Tcman GIM 11.0
Unrestricted file upload in TCMAN's GIM v11.
network
low complexity
tcman
CWE-434
critical
9.8
9.8
2025-05-06
CVE-2025-4310
Unrestricted Upload of File with Dangerous Type vulnerability in Emiloi Content Management System 1.0
A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0.
network
low complexity
emiloi
CWE-434
6.3
6.3
«
Previous
1
2
(current)
3
4
5
...
206
207
»
Next