Total
4131 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48008 | 1 Limesurvey | 1 Limesurvey | 2026-06-17 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-48006 | 1 Taogogo | 1 Taocms | 2026-06-17 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php. | |||||
| CVE-2022-47893 | 1 Riello-ups | 2 Netman 204, Netman 204 Firmware | 2026-06-17 | N/A | 10.0 CRITICAL |
| There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root. | |||||
| CVE-2022-47878 | 1 Jedox | 1 Jedox | 2026-06-17 | N/A | 8.8 HIGH |
| Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. NOTE: The vendor states that the vulnerability affects installations running version 22.2 or earlier. The issue was resolved with the version 22.3 and later versions are not affected. Additionally, the vendor states that this vulnerability affects on-premises deployments only and that it does not impact cloud-hosted or SaaS environments. | |||||
| CVE-2022-47854 | 1 I-librarian | 1 I-librarian | 2026-06-17 | N/A | 9.8 CRITICAL |
| i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplement.php. | |||||
| CVE-2022-47766 | 1 Popojicms | 1 Popojicms | 2026-06-17 | N/A | 8.8 HIGH |
| PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability. | |||||
| CVE-2022-47615 | 1 Thimpress | 1 Learnpress | 2026-06-17 | N/A | 9.3 CRITICAL |
| Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. | |||||
| CVE-2022-47191 | 1 Generex | 2 Cs141, Cs141 Firmware | 2026-06-17 | N/A | 4.3 MEDIUM |
| Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges. | |||||
| CVE-2022-47190 | 1 Generex | 2 Cs141, Cs141 Firmware | 2026-06-17 | N/A | 10.0 CRITICAL |
| Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root. | |||||
| CVE-2022-47186 | 1 Generex | 2 Cs141, Cs141 Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory. | |||||
| CVE-2022-47042 | 1 Mingsoft | 1 Mcms | 2026-06-17 | N/A | 8.8 HIGH |
| MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do. | |||||
| CVE-2022-46899 | 1 Vocera | 2 Report Server, Voice Server | 2026-06-17 | N/A | 7.5 HIGH |
| An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any parameters with a filename entry will have their content written to a file in the Vocera upload-staging directory with the specified filename in the parameter. | |||||
| CVE-2022-46839 | 1 Wiselyhub | 1 Js Help Desk | 2026-06-17 | N/A | 10.0 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. | |||||
| CVE-2022-46828 | 2 Apple, Jetbrains | 2 Macos, Intellij Idea | 2026-06-17 | N/A | 5.2 MEDIUM |
| In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. | |||||
| CVE-2022-46660 | 1 Ge | 1 Proficy Historian | 2026-06-17 | N/A | 7.5 HIGH |
| An unauthorized user could alter or write files with full control over the path and content of the file. | |||||
| CVE-2022-46610 | 1 72crm | 1 Wukong Crm | 2026-06-17 | N/A | 8.8 HIGH |
| 72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-46604 | 1 Tecrail | 1 Responsive Filemanager | 2026-06-17 | N/A | 8.8 HIGH |
| An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution. | |||||
| CVE-2022-46493 | 1 Nbnbk Project | 1 Nbnbk | 2026-06-17 | N/A | 9.8 CRITICAL |
| Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/download_img. | |||||
| CVE-2022-46135 | 1 Aerocms Project | 1 Aerocms | 2026-06-17 | N/A | 7.2 HIGH |
| In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server. | |||||
| CVE-2022-46102 | 1 Ayacms Project | 1 Ayacms | 2026-06-17 | N/A | 9.8 CRITICAL |
| AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fst_down.inc.php | |||||
