CWE-616
9 CVEs classified under CWE-616. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-67084 | Critical | 9.9 | 2026-01-15 | File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be execu… |
| CVE-2024-31601 | Critical | 9.8 | 2024-04-26 | An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via… |
| CVE-2024-29858 | Critical | 9.8 | 2024-03-21 | In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload. |
| CVE-2023-38947 | High | 7.2 | 2023-08-03 | An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP… |
| CVE-2024-52305 | Medium | 6.5 | 2024-11-13 | UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowin… |
| CVE-2024-28520 | Medium | 6.5 | 2024-04-04 | File Upload vulnerability in Byzoro Networks Smart multi-service security gateway intelligent management platform version S210, allows an attacker to obtain se… |
| CVE-2026-22789 | Medium | 5.4 | 2026-01-12 | WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, WebErpMesv2 contains a file upload validation bypass v… |
| CVE-2025-59402 | Medium | 5.4 | 2025-09-25 | Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables… |
| CVE-2025-52130 | Medium | 5.4 | 2025-08-25 | File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to uploa… |