CVE-2025-9846
10.0 CRITICALUnrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc
Published: 2025-09-23 · Last updated: 2026-06-05
Severity and scoring
- CVSS
- 10.0 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- CWE
- CWE-434
Description
Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Inka.Net allows Command Injection. This issue affects Inka.Net: before 6.7.1.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-53724 — Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js
- CVE-2026-6211 — Unrestricted upload of file with dangerous type vulnerability in Global IT Informatics Services Inc (8.7 HIGH)
- CVE-2026-53787 — Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows un... (9.8 CRITICAL)
- CVE-2026-46489 — SolidInvoice is an open-source invoicing platform (8.1 HIGH)
- CVE-2026-11839 — Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc (9.9 CRITICAL)