Total: 3075 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45359 | 1 Yithemes | 1 Yith Woocommerce Gift Cards | 2024-11-21 | N/A | 9.8 CRITICAL |
Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress. | |||||
CVE-2022-45171 | 1 Liveboxcloud | 1 Vdesk | 2024-11-21 | N/A | 8.8 HIGH |
An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions. | |||||
CVE-2022-44276 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | N/A | 9.8 CRITICAL |
In Responsive Filemanager < 9.12.0, an attacker can bypass upload restrictions resulting in RCE. | |||||
CVE-2022-44036 | 1 B2evolution | 1 B2evolution Cms | 2024-11-21 | N/A | 7.2 HIGH |
In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that feature it is very obvious how to disable it." | |||||
CVE-2022-43436 | 1 Easy Test Project | 1 Easy Test | 2024-11-21 | N/A | 8.8 HIGH |
The File Upload function of EasyTest has insufficient filtering for special characters and file type. A remote attacker authenticated as a general user can upload and execute arbitrary files to manipulate the system or disrupt service. | |||||
CVE-2022-42971 | 2 Microsoft, Schneider-electric | 8 Windows 10, Windows 11, Windows 7 and 5 more | 2024-11-21 | N/A | 9.8 CRITICAL |
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | |||||
CVE-2022-42925 | 1 Formalms | 1 Formalms | 2024-11-21 | N/A | 9.9 CRITICAL |
There is a vulnerability in Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to escalate privileges in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection. | |||||
CVE-2022-42698 | 1 Api2cart | 1 Api2cart Bridge Connector | 2024-11-21 | N/A | 9.8 CRITICAL |
Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. | |||||
CVE-2022-42287 | 1 Nvidia | 2 Bmc, Dgx A100 | 2024-11-21 | N/A | 6.0 MEDIUM |
NVIDIA BMC contains a vulnerability in the IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering. | |||||
CVE-2022-42092 | 1 Backdropcms | 1 Backdrop Cms | 2024-11-21 | N/A | 7.2 HIGH |
Backdrop CMS 1.22.0 has an Unrestricted File Upload vulnerability via 'themes' that allows attackers to achieve Remote Code Execution. Note: Third parties dispute this and argue that advanced permissions are required. | |||||
CVE-2022-42036 | 1 Democritus | 1 D8s-urls | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | |||||
CVE-2022-41681 | 1 Formalms | 1 Formalms | 2024-11-21 | N/A | 9.9 CRITICAL |
There is a vulnerability in Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to escalate privileges in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection. | |||||
CVE-2022-41512 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | N/A | 7.2 HIGH |
An arbitrary file upload vulnerability in the component /php_action/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-41379 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2024-11-21 | N/A | 7.2 HIGH |
An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-41267 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2024-11-21 | N/A | 9.9 CRITICAL |
SAP Business Objects Platform, versions 420 and 430, allows an attacker with normal BI user privileges to upload/replace any file on the Business Objects server at the operating system level, enabling the attacker to take full control of the system, causing a high impact on confidentiality, integrity, and availability of the application. | |||||
CVE-2022-41217 | 1 Hybridsoftware | 1 Cloudflow | 2024-11-21 | N/A | 9.8 CRITICAL |
Cloudflow contains an unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage. | |||||
CVE-2022-40981 | 1 Etictelecom | 14 Ras-c-100-lw, Ras-e-100, Ras-e-220 and 11 more | 2024-11-21 | N/A | 5.9 MEDIUM |
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior are vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device. | |||||
CVE-2022-40921 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A | 7.2 HIGH |
DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php. | |||||
CVE-2022-40896 | 1 Pygments | 1 Pygments | 2024-11-21 | N/A | 5.5 MEDIUM |
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer. | |||||
CVE-2022-40886 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A | 7.2 HIGH |
DedeCMS 5.7.98 has a file upload vulnerability in the background. |