VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Unrestricted Upload of File with Dangerous Type
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-03-30
CVE-2025-2952
Unrestricted Upload of File with Dangerous Type vulnerability in Bluestar Micro Mall 1.0
A vulnerability classified as critical was found in Bluestar Micro Mall 1.0.
network
low complexity
bluestar
CWE-434
critical
9.8
9.8
2025-03-29
CVE-2025-2249
The SoJ SoundSlides plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the soj_soundslides_options_subpanel() function in all versions up to, and including, 1.2.2.
network
low complexity
CWE-434
8.8
8.8
2025-03-24
CVE-2025-2706
A vulnerability classified as critical was found in Digiwin ERP 5.0.1.
network
low complexity
CWE-434
6.3
6.3
2025-03-24
CVE-2025-2705
A vulnerability classified as critical has been found in Digiwin ERP 5.1.
network
low complexity
CWE-434
7.3
7.3
2025-03-24
CVE-2025-2702
A vulnerability, which was classified as critical, has been found in Softwin WMX3 3.1.
network
low complexity
CWE-434
6.3
6.3
2025-03-24
CVE-2025-2687
Unrestricted Upload of File with Dangerous Type vulnerability in PHPgurukul Elearning System 1.0
A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0.
network
low complexity
phpgurukul
CWE-434
critical
9.8
9.8
2025-03-23
CVE-2025-2671
A vulnerability was found in Yue Lao Blind Box ???? up to 4.0.
network
low complexity
CWE-434
6.3
6.3
2025-03-20
CVE-2024-9920
Unrestricted Upload of File with Dangerous Type vulnerability in Lollms web UI 12
In version v12 of parisneo/lollms-webui, the 'Send file to AL' function allows uploading files with various extensions, including potentially dangerous ones like .py, .sh, .bat, and more.
network
low complexity
lollms
CWE-434
8.8
8.8
2025-03-19
CVE-2024-45644
IBM Security ReaQta 3.12 allows a privileged user to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
network
low complexity
CWE-434
4.7
4.7
2025-03-19
CVE-2025-2512
The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all versions up to, and including, 3.9.9.0.1.
network
low complexity
CWE-434
critical
9.8
9.8
«
Previous
1
2
...
5
6
7
(current)
8
9
...
206
207
»
Next