Total
332 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33158 | 2 Microsoft, Trendmicro | 2 Windows, Vpn Proxy One Pro | 2024-11-21 | N/A | 7.8 HIGH |
| Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system. | |||||
| CVE-2022-32143 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if remote attacker has previously successfully authenticated himself to the controller. A successful Attack may lead to a denial of service, change of local files, or drain of confidential Information. User interaction is not required | |||||
| CVE-2022-30428 | 1 Ginadmin Project | 1 Ginadmin | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading. | |||||
| CVE-2022-2981 | 1 Wpchill | 1 Download Monitor | 2024-11-21 | N/A | 4.9 MEDIUM |
| The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup. | |||||
| CVE-2022-2392 | 1 Lana | 1 Lana Downloads Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
| The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher. | |||||
| CVE-2022-2357 | 1 Wsm Downloader Project | 1 Wsm Downloader | 2024-11-21 | N/A | 7.5 HIGH |
| The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php. | |||||
| CVE-2022-2222 | 1 Wpchill | 1 Download Monitor | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup. | |||||
| CVE-2022-29720 | 1 74cms | 1 74cmsse | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| 74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php. | |||||
| CVE-2022-29302 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp.php. | |||||
| CVE-2022-28462 | 1 Xxyopen | 1 Novel-plus | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability. | |||||
| CVE-2022-28445 | 1 Kitesky | 1 Kitecms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module. | |||||
| CVE-2022-28002 | 1 Movie Seat Reservation Project | 1 Movie Seat Reservation | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home. | |||||
| CVE-2022-27837 | 2 Google, Samsung | 2 Android, Accessibility | 2024-11-21 | 9.3 HIGH | 4.4 MEDIUM |
| A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege. | |||||
| CVE-2022-26877 | 1 Asana | 1 Desktop | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page. | |||||
| CVE-2022-26271 | 1 74cms | 1 74cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| 74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php. | |||||
| CVE-2022-25497 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. | |||||
| CVE-2022-25299 | 1 Cesanta | 1 Mongoose | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during upload using mg_http_upload() method may enable attackers to write files to arbitrary locations outside the designated target folder. | |||||
| CVE-2022-25297 | 1 Drogon | 1 Drogon | 2024-11-21 | 6.5 MEDIUM | 7.5 HIGH |
| This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save() method may enable attackers to write files to arbitrary locations outside the designated target folder. | |||||
| CVE-2022-25104 | 1 Horizontcms Project | 1 Horizontcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via the component /admin/file-manager/. | |||||
| CVE-2022-24694 | 1 Mahara | 1 Mahara | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. Neither file names nor file contents are affected.) | |||||