Total
2510 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-47615 | 1 Thimpress | 1 Learnpress | 2024-08-03 | 9.3 Critical |
Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. | ||||
CVE-2022-47191 | 1 Generex | 2 Cs141, Cs141 Firmware | 2024-08-03 | 4.3 Medium |
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges. | ||||
CVE-2022-47190 | 1 Generex | 2 Cs141, Cs141 Firmware | 2024-08-03 | 10 Critical |
Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root. | ||||
CVE-2022-47042 | 1 Mingsoft | 1 Mcms | 2024-08-03 | 8.8 High |
MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do. | ||||
CVE-2022-46899 | 1 Vocera | 2 Report Server, Voice Server | 2024-08-03 | 7.5 High |
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any parameters with a filename entry will have their content written to a file in the Vocera upload-staging directory with the specified filename in the parameter. | ||||
CVE-2022-46828 | 2 Apple, Jetbrains | 2 Macos, Intellij Idea | 2024-08-03 | 5.2 Medium |
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. | ||||
CVE-2022-46660 | 1 Ge | 1 Proficy Historian | 2024-08-03 | 7.5 High |
An unauthorized user could alter or write files with full control over the path and content of the file. | ||||
CVE-2022-46839 | 1 Wiselyhub | 1 Js Help Desk | 2024-08-03 | 10 Critical |
Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. | ||||
CVE-2022-46604 | 1 Tecrail | 1 Responsive Filemanager | 2024-08-03 | 8.8 High |
An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution. | ||||
CVE-2022-46610 | 1 72crm | 1 Wukong Crm | 2024-08-03 | 8.8 High |
72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-46493 | 1 Nbnbk Project | 1 Nbnbk | 2024-08-03 | 9.8 Critical |
Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/download_img. | ||||
CVE-2022-45912 | 1 Zimbra | 1 Collaboration | 2024-08-03 | 7.2 High |
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution. | ||||
CVE-2022-45896 | 1 Planetestream | 1 Planet Estream | 2024-08-03 | 9.8 Critical |
Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Upload2.ashx can be used, or Ajax.asmx/ProcessUpload2. This leads to remote code execution. | ||||
CVE-2022-46135 | 1 Aerocms Project | 1 Aerocms | 2024-08-03 | 7.2 High |
In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server. | ||||
CVE-2022-46102 | 1 Ayacms Project | 1 Ayacms | 2024-08-03 | 9.8 Critical |
AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fst_down.inc.php | ||||
CVE-2022-45966 | 1 Classcms Project | 1 Classcms | 2024-08-03 | 9.8 Critical |
here is an arbitrary file upload vulnerability in the file management function module of Classcms3.5. | ||||
CVE-2022-45968 | 1 Alist Project | 1 Alist | 2024-08-03 | 8.8 High |
Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one). | ||||
CVE-2022-46020 | 1 Wbce | 1 Wbce Cms | 2024-08-03 | 9.8 Critical |
WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. | ||||
CVE-2022-45802 | 1 Apache | 1 Streampark | 2024-08-03 | 9.8 Critical |
Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later | ||||
CVE-2022-45759 | 1 Sens Project | 1 Sens | 2024-08-03 | 8.8 High |
SENS v1.0 has a file upload vulnerability. |