2025-02-24 | CVE-2024-56897 | Unrestricted Upload of File with Dangerous Type vulnerability in Yitechnology YI CAR Dashcam Firmware 3.88. Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. | 9.8 |
2025-02-24 | CVE-2025-1598 | Unrestricted Upload of File with Dangerous Type vulnerability in Mayurik Best Church Management Software 1.0. A vulnerability was found in SourceCodester Best Church Management Software 1.0. | 9.8 |
2025-02-23 | CVE-2025-1593 | Unrestricted Upload of File with Dangerous Type vulnerability in Mayurik Best Employee Management System 1.0. A vulnerability classified as critical has been found in SourceCodester Best Employee Management System 1.0. | 9.8 |
2025-02-23 | CVE-2025-1590 | Unrestricted Upload of File with Dangerous Type vulnerability in Janobe E-Learning System 1.0. A vulnerability was found in SourceCodester E-Learning System 1.0. | 7.2 |
2025-02-17 | CVE-2025-1388 | Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells. | 8.8 |
2025-02-16 | CVE-2025-1355 | Unrestricted Upload of File with Dangerous Type vulnerability in Needyamin Library Card System 1.0. A vulnerability was found in needyamin Library Card System 1.0. | 9.8 |
2025-02-12 | CVE-2024-10960 | Unrestricted Upload of File with Dangerous Type vulnerability in Brizy. The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'storeUploads' function in all versions up to, and including, 2.6.4. | 8.8 |
2025-02-12 | CVE-2024-13714 | The All-Images.ai – IA Image Bank and Custom Image creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_get_image_by_url' function in all versions up to, and including, 1.0.4. | 8.8 |
2025-02-11 | CVE-2024-13544 | Unrestricted Upload of File with Dangerous Type vulnerability in Amini7 Zarinpal Paid Download. The Zarinpal Paid Download WordPress plugin through 2.3 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup). | 4.8 |
2025-02-10 | CVE-2024-13011 | The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'upload_publisher_profile_image' function in versions up to, and including, 4.7. (network, low complexity, CWE-434, critical) | 9.8 |