Total
3102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4232 | 1 Rinvizle | 1 Event Registration System | 2024-11-21 | N/A | 4.7 MEDIUM |
| A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. Affected is an unknown function. The manipulation of the argument cmd leads to unrestricted upload. It is possible to launch the attack remotely. VDB-214590 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-47893 | 1 Riello-ups | 2 Netman 204, Netman 204 Firmware | 2024-11-21 | N/A | 10.0 CRITICAL |
| There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root. | |||||
| CVE-2022-47615 | 1 Thimpress | 1 Learnpress | 2024-11-21 | N/A | 9.3 CRITICAL |
| Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. | |||||
| CVE-2022-47191 | 1 Generex | 2 Cs141, Cs141 Firmware | 2024-11-21 | N/A | 4.3 MEDIUM |
| Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges. | |||||
| CVE-2022-47190 | 1 Generex | 2 Cs141, Cs141 Firmware | 2024-11-21 | N/A | 10.0 CRITICAL |
| Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root. | |||||
| CVE-2022-47186 | 1 Generex | 2 Cs141, Cs141 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory. | |||||
| CVE-2022-46899 | 1 Vocera | 2 Report Server, Voice Server | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any parameters with a filename entry will have their content written to a file in the Vocera upload-staging directory with the specified filename in the parameter. | |||||
| CVE-2022-46839 | 1 Wiselyhub | 1 Js Help Desk | 2024-11-21 | N/A | 10.0 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. | |||||
| CVE-2022-46828 | 2 Apple, Jetbrains | 2 Macos, Intellij Idea | 2024-11-21 | N/A | 5.2 MEDIUM |
| In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. | |||||
| CVE-2022-46660 | 1 Ge | 1 Proficy Historian | 2024-11-21 | N/A | 7.5 HIGH |
| An unauthorized user could alter or write files with full control over the path and content of the file. | |||||
| CVE-2022-45802 | 1 Apache | 1 Streampark | 2024-11-21 | N/A | 9.8 CRITICAL |
| Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later | |||||
| CVE-2022-45377 | 1 Codedropz | 1 Drag And Drop Multiple File Upload For Woocommerce | 2024-11-21 | N/A | 6.5 MEDIUM |
| Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload for WooCommerce.This issue affects Drag and Drop Multiple File Upload for WooCommerce: from n/a through 1.0.8. | |||||
| CVE-2022-45359 | 1 Yithemes | 1 Yith Woocommerce Gift Cards | 2024-11-21 | N/A | 9.8 CRITICAL |
| Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress. | |||||
| CVE-2022-45171 | 1 Liveboxcloud | 1 Vdesk | 2024-11-21 | N/A | 8.8 HIGH |
| An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions. | |||||
| CVE-2022-44276 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | N/A | 9.8 CRITICAL |
| In Responsive Filemanager < 9.12.0, an attacker can bypass upload restrictions resulting in RCE. | |||||
| CVE-2022-44036 | 1 B2evolution | 1 B2evolution Cms | 2024-11-21 | N/A | 7.2 HIGH |
| In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that feature it is very obvious how to disable it." | |||||
| CVE-2022-43436 | 1 Easy Test Project | 1 Easy Test | 2024-11-21 | N/A | 8.8 HIGH |
| The File Upload function of EasyTest has insufficient filtering for special characters and file type. A remote attacker authenticated as a general user can upload and execute arbitrary files, to manipulate system or disrupt service. | |||||
| CVE-2022-42971 | 2 Microsoft, Schneider-electric | 8 Windows 10, Windows 11, Windows 7 and 5 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | |||||
| CVE-2022-42925 | 1 Formalms | 1 Formalms | 2024-11-21 | N/A | 9.9 CRITICAL |
| There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection. | |||||
| CVE-2022-42698 | 1 Api2cart | 1 Api2cart Bridge Connector | 2024-11-21 | N/A | 9.8 CRITICAL |
| Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. | |||||