Total
4125 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36431 | 1 Rocketsoftware | 1 Trufusion | 2026-06-17 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Issue fixed in version 7.9.6.1. | |||||
| CVE-2022-36386 | 1 Soflyy | 1 Wp All Import | 2026-06-17 | N/A | 9.1 CRITICAL |
| Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress. | |||||
| CVE-2022-36285 | 1 Uploading Svg\, Webp And Ico Files Project | 1 Uploading Svg\, Webp And Ico Files | 2026-06-17 | N/A | 7.2 HIGH |
| Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. | |||||
| CVE-2022-36264 | 1 Airspan | 2 Airspot 5410, Airspot 5410 Firmware | 2026-06-17 | N/A | 9.1 CRITICAL |
| In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename and append a relative path that will be interpreted during the upload process. Using this method, it is possible to rewrite any file in the system or upload a new file. | |||||
| CVE-2022-36066 | 1 Discourse | 1 Discourse | 2026-06-17 | N/A | 9.1 CRITICAL |
| Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds. | |||||
| CVE-2022-35426 | 1 Ucms Project | 1 Ucms | 2026-06-17 | N/A | 9.8 CRITICAL |
| UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file. | |||||
| CVE-2022-35150 | 1 Baijiacms Project | 1 Baijiacms | 2026-06-17 | N/A | 9.8 CRITICAL |
| Baijicms v4 was discovered to contain an arbitrary file upload vulnerability. | |||||
| CVE-2022-34971 | 1 Feehi | 1 Feehi Cms | 2026-06-17 | N/A | 8.8 HIGH |
| An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-34965 | 1 Openteknik | 1 Open Source Social Network | 2026-06-17 | N/A | 7.2 HIGH |
| OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Note: The project owner believes this is intended behavior of the application as it only allows authenticated admins to upload files. | |||||
| CVE-2022-34613 | 1 Mealie Project | 1 Mealie | 2026-06-17 | N/A | 9.8 CRITICAL |
| Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2022-34578 | 1 Opensourcepos | 1 Open Source Point Of Sale | 2026-06-17 | N/A | 7.2 HIGH |
| Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page. | |||||
| CVE-2022-34549 | 1 Sims Project | 1 Sims | 2026-06-17 | N/A | 8.8 HIGH |
| Sims v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /uploadServlet. This vulnerability allows attackers to escalate privileges and execute arbitrary commands via a crafted file. | |||||
| CVE-2022-34496 | 1 Hiby | 4 Hiby R3 Pro, Hiby R3 Pro Firmware, Hiby R3 Pro Saber and 1 more | 2026-06-17 | N/A | 9.8 CRITICAL |
| Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature. | |||||
| CVE-2022-34483 | 1 Mozilla | 1 Firefox | 2026-06-17 | N/A | 8.8 HIGH |
| An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34482. This vulnerability affects Firefox < 102. | |||||
| CVE-2022-34482 | 1 Mozilla | 1 Firefox | 2026-06-17 | N/A | 8.8 HIGH |
| An attacker who could have convinced a user to drag and drop an image to a filesystem could have manipulated the resulting filename to contain an executable extension, and by extension potentially tricked the user into executing malicious code. While very similar, this is a separate issue from CVE-2022-34483. This vulnerability affects Firefox < 102. | |||||
| CVE-2022-34154 | 1 Ideastocode | 1 Enable Svg\, Webp \& Ico Upload | 2026-06-17 | N/A | 7.2 HIGH |
| Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress. | |||||
| CVE-2022-34128 | 1 Glpi-project | 1 Positions | 2026-06-17 | N/A | 9.8 CRITICAL |
| The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php. | |||||
| CVE-2022-34120 | 1 Barangay Management System Project | 1 Barangay Management System | 2026-06-17 | N/A | 7.2 HIGH |
| Barangay Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the module editing function at /pages/activity/activity.php. | |||||
| CVE-2022-34115 | 1 Dataease | 1 Dataease | 2026-06-17 | N/A | 9.8 CRITICAL |
| DataEase v1.11.1 was discovered to contain a arbitrary file write vulnerability via the parameter dataSourceId. | |||||
| CVE-2022-34024 | 1 Barangay Management System Project | 1 Barangay Management System | 2026-06-17 | N/A | 7.2 HIGH |
| Barangay Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the resident module editing function at /bmis/pages/resident/resident.php. | |||||
