CWE-284: Improper Access Control

This vulnerability allows remote attackers to upload arbitrary files without restrictions in the wisdom-education application. Attackers can exploit t...

CVE-2025-11078 is an unrestricted file upload vulnerability in itsourcecode Open Source Job Portal 1.0 that allows remote attackers to upload arbitrar...

This vulnerability allows remote attackers to upload arbitrary files to the academico-sis system via the /edit-photo endpoint in the Profile Picture H...

This vulnerability in Selleo Mentingo allows attackers to upload arbitrary files via the Profile Picture Handler component by manipulating the userAva...

CVE-2025-10616 is an unrestricted file upload vulnerability in itsourcecode E-Commerce Website 1.0 that allows remote attackers to upload arbitrary fi...

This vulnerability in itsourcecode E-Commerce Website 1.0 allows attackers to upload arbitrary files to the /admin/products.php endpoint without prope...

This vulnerability allows remote attackers to upload arbitrary files to SourceCodester Online Student File Management System 1.0 via the /save_file.ph...

This vulnerability allows remote attackers to upload arbitrary files to SourceCodester Pet Grooming Management Software 1.0 via the website_image para...

This vulnerability allows remote attackers to upload arbitrary files to the fcba_zzm ics-park Smart Park Management System 2.0 due to insufficient val...

This vulnerability allows remote attackers to upload arbitrary files to SourceCodester Pet Grooming Management Software 1.0 via the manage_website.php...

CodeAstro Real Estate Management System 1.0 contains an unrestricted file upload vulnerability in the submitproperty.php endpoint. This allows remote ...

CodeAstro Real Estate Management System 1.0 has an unrestricted file upload vulnerability in the /register.php component. Attackers can remotely uploa...

CVE-2025-9847 is an unrestricted file upload vulnerability in ScriptAndTools Real Estate Management System 1.0. Attackers can upload malicious files v...

This vulnerability allows remote attackers to upload arbitrary files to Mobile Shop Management System 1.0 servers via the ProductImage parameter in Ad...

This vulnerability allows remote attackers to upload arbitrary files to SimStudioAI sim applications due to insufficient validation in the HTML File P...

This vulnerability in GreenCMS allows attackers to upload arbitrary files without restrictions via the /index.php?m=admin&c=media&a=fileconnect endpoi...

This vulnerability allows remote attackers to upload arbitrary files without restrictions in xuhuisheng lemon CMS versions up to 1.13.0. The flaw exis...

This vulnerability in YiFang CMS allows remote attackers to upload arbitrary files without restrictions through the mergeMultipartUpload function. It ...

CVE-2025-9397 is an unrestricted file upload vulnerability in givanz Vvveb CMS that allows remote attackers to upload arbitrary files to the server. T...

This vulnerability allows remote attackers to upload arbitrary files to the Online Tour and Travel Management System 1.0 via the photo parameter in /a...

Acrel Environmental Monitoring Cloud Platform up to version 20250804 contains an unrestricted file upload vulnerability in the /NewsManage/UploadNewsI...

CVE-2025-8859 is an unrestricted file upload vulnerability in eBlog Site 1.0's admin panel. Attackers can upload malicious files to the server via the...

This vulnerability allows remote attackers to upload arbitrary files to zlt2000 microservices-platform servers without proper restrictions. Affected s...

This critical vulnerability in Qiyuesuo Electronic Signature Platform allows remote attackers to upload arbitrary files without restrictions via the /...

This critical vulnerability in linlinjava litemall allows remote attackers to upload arbitrary files without restrictions via the /wx/storage/upload e...

This critical vulnerability in Exrick xboot allows remote attackers to upload arbitrary files without restrictions via the UploadController.java compo...

This critical vulnerability in Kitchen Treasure 1.0 allows remote attackers to upload arbitrary files via the photo parameter in userregistration.php....

This critical vulnerability in openviglet shio allows remote attackers to upload arbitrary files without restrictions via the shStaticFileUpload funct...

This critical vulnerability in code-projects Voting System 1.0 allows remote attackers to upload arbitrary files via the photo parameter in /admin/can...

This critical vulnerability in code-projects Document Management System 1.0 allows remote attackers to upload arbitrary files via the /insert.php endp...

This critical vulnerability in RuoYi allows attackers to upload arbitrary files without restrictions via the uploadFile function. Remote attackers can...

This critical vulnerability in MoneyPrinterTurbo allows remote attackers to upload arbitrary files without restrictions via the upload_bgm_file functi...

This vulnerability allows remote attackers to upload arbitrary files to Metasoft MetaCRM systems via the mobileupload.jsp endpoint. Affected are all M...

This critical vulnerability in Metasoft MetaCRM allows remote attackers to upload arbitrary files via the sendfile.jsp endpoint. Affected systems incl...

This critical vulnerability in JeeSite allows attackers to upload arbitrary files without proper restrictions, potentially leading to remote code exec...

CVE-2025-7755 is a critical unrestricted file upload vulnerability in code-projects Online Ordering System 1.0. Attackers can remotely upload maliciou...

This critical vulnerability in YiJiuSmile kkFileViewOfficeEdit allows remote attackers to upload arbitrary files without restrictions via the /fileUpl...

This critical vulnerability in JoeyBling SpringBoot_MyBatisPlus allows remote attackers to upload arbitrary files without restrictions via the SysFile...

CVE-2025-7412 is a critical unrestricted file upload vulnerability in code-projects Library System 1.0. Attackers can remotely upload malicious files ...

This critical vulnerability in code-projects E-Commerce Site 1.0 allows remote attackers to upload arbitrary files via the photo parameter in /admin/u...

This critical vulnerability in Campcodes Advanced Online Voting System 1.0 allows remote attackers to upload arbitrary files via the photo parameter i...

CVE-2025-7075 is a critical vulnerability in BlackVue Dashcam 590X devices that allows unauthenticated attackers on the local network to upload arbitr...

This critical vulnerability in code-projects Library System 1.0 allows remote attackers to upload arbitrary files via the /add-book.php endpoint's ima...

This vulnerability in MIB3 infotainment units allows attackers with existing system access to bypass operating system access controls through the inte...

D-Link DIR-823-Pro router firmware version 1.02 has improper permission control that allows unauthorized users to enable and access Telnet services re...

This critical vulnerability in code-projects Car Rental System 1.0 allows remote attackers to upload arbitrary files via the /admin/add_cars.php endpo...

This critical vulnerability in ageerle ruoyi-ai 2.0.0 allows remote attackers to upload arbitrary files without restrictions via the speechToTextTrans...

This vulnerability allows remote attackers to upload arbitrary files to eCharge Hardy Barth Salia PLCC devices via the /firmware.php endpoint in the W...

This critical vulnerability in SourceCodester Open Source Clinic Management System 1.0 allows remote attackers to upload arbitrary files via the websi...

This critical vulnerability in Blogbook allows remote attackers to upload arbitrary files without restrictions via the image parameter in the admin po...