Total
4129 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43275 | 1 Canteen Management System Project | 1 Canteen Management System | 2026-06-17 | N/A | 7.2 HIGH |
| Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-43265 | 1 Canteen Management System Project | 1 Canteen Management System | 2026-06-17 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-43234 | 1 Hoosk | 1 Hoosk | 2026-06-17 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-43231 | 1 Canteen Management System Project | 1 Canteen Management System | 2026-06-17 | N/A | 7.2 HIGH |
| Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/manage_website.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-43192 | 1 Dedecms | 1 Dedecms | 2026-06-17 | N/A | 6.7 MEDIUM |
| An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is related to an incomplete fix for CVE-2022-40886. | |||||
| CVE-2022-43146 | 1 Canteen Management System Project | 1 Canteen Management System | 2026-06-17 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-43085 | 1 Codeastro | 1 Restaurant Pos System | 2026-06-17 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-43083 | 1 Vehicle Booking System Project | 1 Vehicle Booking System | 2026-06-17 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-43074 | 1 Ayacms Project | 1 Ayacms | 2026-06-17 | N/A | 9.8 CRITICAL |
| AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-43061 | 1 Online Tours \& Travels Management System Project | 1 Online Tours \& Travels Management System | 2026-06-17 | N/A | 7.2 HIGH |
| Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /operations/travellers.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-43050 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2026-06-17 | N/A | 7.2 HIGH |
| Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-42971 | 2 Microsoft, Schneider-electric | 8 Windows 10, Windows 11, Windows 7 and 5 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | |||||
| CVE-2022-42925 | 1 Formalms | 1 Formalms | 2026-06-17 | N/A | 9.9 CRITICAL |
| There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection. | |||||
| CVE-2022-42698 | 1 Api2cart | 1 Api2cart Bridge Connector | 2026-06-17 | N/A | 9.8 CRITICAL |
| Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. | |||||
| CVE-2022-42449 | 1 Hcltech | 1 Domino Leap | 2026-06-17 | N/A | 4.6 MEDIUM |
| Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications | |||||
| CVE-2022-42443 | 1 Ibm | 2 Trusteer Android Sdk For Mobile, Trusteer Ios Sdk For Mobile | 2026-06-17 | N/A | 2.2 LOW |
| An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535. | |||||
| CVE-2022-42287 | 1 Nvidia | 2 Bmc, Dgx A100 | 2026-06-17 | N/A | 6.0 MEDIUM |
| NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering. | |||||
| CVE-2022-42229 | 1 Wedding Planner Project | 1 Wedding Planner | 2026-06-17 | N/A | 8.8 HIGH |
| Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php. | |||||
| CVE-2022-42201 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2026-06-17 | N/A | 7.2 HIGH |
| Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure file upload. | |||||
| CVE-2022-42198 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2026-06-17 | N/A | 8.8 HIGH |
| In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload. | |||||
