CVEs classified under CWE-616, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2025-67084 — CVSS 9.9 (critical): File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments…
CVE-2024-31601 — CVSS 9.8 (critical): An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute…
CVE-2024-29858 — CVSS 9.8 (critical): In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload.
CVE-2024-52305 — CVSS 6.5 (medium): UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create…
CVE-2025-59402 — CVSS 5.4 (medium): Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL…
CVE-2025-52130 — CVSS 5.4 (medium): File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an…