Vulnerabilities (CVE)

Filtered by CWE-434
Total 4131 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-48008 1 Limesurvey 1 Limesurvey 2026-06-17 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-48006 1 Taogogo 1 Taocms 2026-06-17 N/A 9.8 CRITICAL
An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.
CVE-2022-47893 1 Riello-ups 2 Netman 204, Netman 204 Firmware 2026-06-17 N/A 10.0 CRITICAL
There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root.
CVE-2022-47878 1 Jedox 1 Jedox 2026-06-17 N/A 8.8 HIGH
Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. NOTE: The vendor states that the vulnerability affects installations running version 22.2 or earlier. The issue was resolved with the version 22.3 and later versions are not affected. Additionally, the vendor states that this vulnerability affects on-premises deployments only and that it does not impact cloud-hosted or SaaS environments.
CVE-2022-47854 1 I-librarian 1 I-librarian 2026-06-17 N/A 9.8 CRITICAL
i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplement.php.
CVE-2022-47766 1 Popojicms 1 Popojicms 2026-06-17 N/A 8.8 HIGH
PopojiCMS v2.0.1 backend plugin function has a file upload vulnerability.
CVE-2022-47615 1 Thimpress 1 Learnpress 2026-06-17 N/A 9.3 CRITICAL
Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
CVE-2022-47191 1 Generex 2 Cs141, Cs141 Firmware 2026-06-17 N/A 4.3 MEDIUM
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges.
CVE-2022-47190 1 Generex 2 Cs141, Cs141 Firmware 2026-06-17 N/A 10.0 CRITICAL
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root.
CVE-2022-47186 1 Generex 2 Cs141, Cs141 Firmware 2026-06-17 N/A 7.5 HIGH
There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory.
CVE-2022-47042 1 Mingsoft 1 Mcms 2026-06-17 N/A 8.8 HIGH
MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do.
CVE-2022-46899 1 Vocera 2 Report Server, Voice Server 2026-06-17 N/A 7.5 HIGH
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any parameters with a filename entry will have their content written to a file in the Vocera upload-staging directory with the specified filename in the parameter.
CVE-2022-46839 1 Wiselyhub 1 Js Help Desk 2026-06-17 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1.
CVE-2022-46828 2 Apple, Jetbrains 2 Macos, Intellij Idea 2026-06-17 N/A 5.2 MEDIUM
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.
CVE-2022-46660 1 Ge 1 Proficy Historian 2026-06-17 N/A 7.5 HIGH
An unauthorized user could alter or write files with full control over the path and content of the file.
CVE-2022-46610 1 72crm 1 Wukong Crm 2026-06-17 N/A 8.8 HIGH
72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-46604 1 Tecrail 1 Responsive Filemanager 2026-06-17 N/A 8.8 HIGH
An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution.
CVE-2022-46493 1 Nbnbk Project 1 Nbnbk 2026-06-17 N/A 9.8 CRITICAL
Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/download_img.
CVE-2022-46135 1 Aerocms Project 1 Aerocms 2026-06-17 N/A 7.2 HIGH
In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server.
CVE-2022-46102 1 Ayacms Project 1 Ayacms 2026-06-17 N/A 9.8 CRITICAL
AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fst_down.inc.php