ReportizFlow
Filtered by vendor
Subscriptions
Total
3631 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-9712 | 1 Ivanti | 1 Endpoint Manager | 2025-10-10 | 8.8 High |
| Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. | ||||
| CVE-2025-9872 | 1 Ivanti | 1 Endpoint Manager | 2025-10-10 | 8.8 High |
| Insufficient filename validation in Ivanti Endpoint Manager before 2024 SU3 SR1 and 2022 SU8 SR2 allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. | ||||
| CVE-2025-0399 | 1 Starsea99 | 1 Starsea-mall | 2025-10-10 | 4.7 Medium |
| A vulnerability was found in StarSea99 starsea-mall 1.0. It has been declared as critical. This vulnerability affects the function UploadController of the file src/main/java/com/siro/mall/controller/common/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4259 | 1 Newbee-mall Project | 1 Newbee-mall | 2025-10-10 | 6.3 Medium |
| A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the function Upload of the file ltd/newbee/mall/controller/common/UploadController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. | ||||
| CVE-2025-0702 | 1 Joeybling | 1 Bootplus | 2025-10-10 | 6.3 Medium |
| A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This vulnerability affects unknown code of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument portraitFile leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||
| CVE-2024-13133 | 1 Zerowdd | 1 Studentmanager | 2025-10-10 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in ZeroWdd studentmanager 1.0. This issue affects the function addStudent/editStudent of the file src/main/Java/com/wdd/studentmanager/controller/StudentController. java. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13134 | 1 Zerowdd | 1 Studentmanager | 2025-10-10 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in ZeroWdd studentmanager 1.0. Affected is the function addTeacher/editTeacher of the file src/main/Java/com/wdd/studentmanager/controller/TeacherController. java. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4258 | 1 Zhangyanbo2007 | 1 Youkefu | 2025-10-10 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu up to 4.2.0. Affected is the function Upload of the file \youkefu-master\src\main\java\com\ukefu\webim\web\handler\resource\MediaController.java. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3558 | 1 Ghostxbh | 1 Uzy-ssm-mall | 2025-10-10 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in ghostxbh uzy-ssm-mall 1.0.0. This affects an unknown part of the file /mall/user/uploadUserHeadImage. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-3593 | 1 Zhenfeng13 | 1 My-blog-layui | 2025-10-10 | 6.3 Medium |
| A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been declared as critical. This vulnerability affects the function Upload of the file /admin/upload/authorImg/. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-51056 | 2 Vedo, Vedo Suite Project | 2 Vedo Suite, Vedo Suite | 2025-10-09 | 8.2 High |
| An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem paths by exploiting the insecure 'uploadPreviews()' custom function in '/api_vedo/colorways_preview', ultimately resulting in remote code execution (RCE). | ||||
| CVE-2025-11351 | 2 Code-projects, Fabian | 2 Simple Online Hotel Reservation System, Online Hotel Reservation System | 2025-10-09 | 6.3 Medium |
| A weakness has been identified in code-projects Online Hotel Reservation System 1.0. The impacted element is an unknown function of the file /admin/editpicexec.php. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-11352 | 2 Code-projects, Fabian | 2 Simple Online Hotel Reservation System, Online Hotel Reservation System | 2025-10-09 | 6.3 Medium |
| A security vulnerability has been detected in code-projects Online Hotel Reservation System 1.0. This affects an unknown function of the file /admin/addexec.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-11353 | 2 Code-projects, Fabian | 2 Simple Online Hotel Reservation System, Online Hotel Reservation System | 2025-10-09 | 6.3 Medium |
| A vulnerability was detected in code-projects Online Hotel Reservation System 1.0. This impacts an unknown function of the file /admin/addgalleryexec.php. Performing manipulation of the argument image results in unrestricted upload. The attack is possible to be carried out remotely. The exploit is now public and may be used. | ||||
| CVE-2025-11398 | 2 Nikhil-bhalerao, Sourcecodester | 2 Hotel And Lodge Management System, Hotel And Lodge Management System | 2025-10-09 | 6.3 Medium |
| A weakness has been identified in SourceCodester Hotel and Lodge Management System 1.0. The impacted element is an unknown function of the file /profile.php of the component Profile Page. Executing manipulation of the argument image can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-11417 | 1 Campcodes | 1 Advanced Online Voting System | 2025-10-09 | 6.3 Medium |
| A weakness has been identified in Campcodes Advanced Online Voting Management System 1.0. This vulnerability affects unknown code of the file /admin/voters_add.php. Executing manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-11426 | 1 Projectworlds | 1 Advanced Library Management System | 2025-10-09 | 6.3 Medium |
| A security flaw has been discovered in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_book.php. The manipulation of the argument image results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-11436 | 1 Jhumanj | 1 Opnform | 2025-10-09 | 6.3 Medium |
| A vulnerability was detected in JhumanJ OpnForm up to 1.9.3. Affected by this issue is some unknown functionality of the file /answer. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used. The patch is identified as 95c3e23856465d202e6aec10bdb6ee0688b5305a. It is advisable to implement a patch to correct this issue. | ||||
| CVE-2025-2978 | 1 Wcms | 1 Wcms | 2025-10-09 | 6.3 Medium |
| A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-11470 | 2 Nikhil-bhalerao, Sourcecodester | 2 Hotel And Lodge Management System, Hotel And Lodge Management System | 2025-10-09 | 4.7 Medium |
| A security vulnerability has been detected in SourceCodester Hotel and Lodge Management System up to 1.0. The impacted element is an unknown function of the file /manage_website.php. The manipulation of the argument website_image/back_login_image leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. | ||||