Vulnerabilities (CVE)

Filtered by CWE-434
Total 4128 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-40896 1 Pygments 1 Pygments 2026-06-17 N/A 5.5 MEDIUM
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.
CVE-2022-40886 1 Dedecms 1 Dedecms 2026-06-17 N/A 7.2 HIGH
DedeCMS 5.7.98 has a file upload vulnerability in the background.
CVE-2022-40878 1 Exam Reviewer Management System Project 1 Exam Reviewer Management System 2026-06-17 N/A 8.8 HIGH
In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE).
CVE-2022-40797 1 Roxyfileman 1 Roxy Fileman 2026-06-17 N/A 9.8 CRITICAL
Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.)
CVE-2022-40777 1 Interspire 1 Email Marketer 2026-06-17 N/A 8.8 HIGH
Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. NOTE: this issue exists because of an incomplete fix for CVE-2018-19550.
CVE-2022-40721 1 Creativedream File Uploader Project 1 Creativedream File Uploader 2026-06-17 N/A 9.8 CRITICAL
Arbitrary file upload vulnerability in php uploader
CVE-2022-40471 1 Oretnom23 1 Clinic\'s Patient Management System 2026-06-17 N/A 9.8 CRITICAL
Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php
CVE-2022-40432 1 D8s-strings Project 1 D8s-strings 2026-06-17 N/A 9.8 CRITICAL
The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.
CVE-2022-40431 1 D8s-pdfs Project 1 D8s-pdfs 2026-06-17 N/A 9.8 CRITICAL
The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.
CVE-2022-40407 1 Chamilo 1 Chamilo 2026-06-17 N/A 8.8 HIGH
A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file.
CVE-2022-40217 1 Xplodedthemes 1 Wpide 2026-06-17 N/A 6.5 MEDIUM
Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress.
CVE-2022-40200 1 Gvectors 1 Wpforo Forum 2026-06-17 N/A 9.9 CRITICAL
Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress.
CVE-2022-40087 1 Simple College Website Project 1 Simple College Website 2026-06-17 N/A 9.8 CRITICAL
Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents(). This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-40050 1 Zfile 1 Zfile 2026-06-17 N/A 9.8 CRITICAL
ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1.
CVE-2022-40037 1 Javaweb Blog Project 1 Javaweb Blog 2026-06-17 N/A 9.8 CRITICAL
An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to escalate privileges and execute arbitrary commands via the component /upFile.
CVE-2022-40035 1 Blog-ssm Project 1 Blog-ssm 2026-06-17 N/A 8.8 HIGH
File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component.
CVE-2022-3944 1 Erp Project 1 Erp 2026-06-17 N/A 6.3 MEDIUM
A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213451.
CVE-2022-3912 1 Wpeverest 1 User Registration 2026-06-17 N/A 7.5 HIGH
The User Registration WordPress plugin before 2.2.4.1 does not properly restrict the files to be uploaded via an AJAX action available to both unauthenticated and authenticated users, which could allow unauthenticated users to upload PHP files for example.
CVE-2022-3771 1 Easyiicms 1 Easyiicms 2026-06-17 N/A 6.3 MEDIUM
A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability.
CVE-2022-3682 1 Hitachienergy 1 Sdm600 2026-06-17 N/A 9.9 CRITICAL
A vulnerability exists in the SDM600 file permission validation. An attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in Arbitrary code Executing. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291) List of CPEs: * cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:*:*:*:*:*:*:*