Total: 2650 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45359 | 1 Yithemes | 1 Yith Woocommerce Gift Cards | 2024-11-21 | N/A | 9.8 CRITICAL |
Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress. | |||||
CVE-2022-45338 | 1 Exactsoftware | 1 Exact Synergy | 2024-11-21 | N/A | 7.8 HIGH |
An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file. | |||||
CVE-2022-45275 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2024-11-21 | N/A | 7.2 HIGH |
An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-45171 | 1 Liveboxcloud | 1 Vdesk | 2024-11-21 | N/A | 8.8 HIGH |
An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Unrestricted Upload of a File with a Dangerous Type can occur under the vShare web site section. A remote user, authenticated to the product, can arbitrarily upload potentially dangerous files without restrictions. | |||||
CVE-2022-45039 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | N/A | 7.2 HIGH |
An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-45009 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2024-11-21 | N/A | 7.2 HIGH |
Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-44401 | 1 Online Tours & Travels Management System Project | 1 Online Tours & Travels Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php. | |||||
CVE-2022-44400 | 1 Purchase Order Management System Project | 1 Purchase Order Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Purchase Order Management System v1.0 contains a file upload vulnerability via /purchase_order/admin/?page=system_info. | |||||
CVE-2022-44384 | 1 Rconfig | 1 Rconfig | 2024-11-21 | N/A | 8.8 HIGH |
An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-44354 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
SolarView Compact 4.0 and 5.0 are vulnerable to Unrestricted File Upload via a crafted PHP file. | |||||
CVE-2022-44289 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | N/A | 8.8 HIGH |
Thinkphp 5.1.41 and 5.0.24 have a code logic error which causes file upload getshell. | |||||
CVE-2022-44276 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | N/A | 9.8 CRITICAL |
In Responsive Filemanager < 9.12.0, an attacker can bypass upload restrictions resulting in RCE. | |||||
CVE-2022-44054 | 1 Democritus | 1 D8s-xml | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-utility package. The affected version of d8s-htm is 0.1.0. | |||||
CVE-2022-44053 | 1 Democritus | 1 D8s-networking | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0. | |||||
CVE-2022-44052 | 1 Democritus | 1 D8s-dates | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-timezones package. The affected version of d8s-htm is 0.1.0. | |||||
CVE-2022-44051 | 1 Democritus | 1 D8s-stats | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-math package. The affected version of d8s-htm is 0.1.0. | |||||
CVE-2022-44050 | 1 Democritus | 1 D8s-networking | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-json package. The affected version of d8s-htm is 0.1.0. | |||||
CVE-2022-44049 | 1 Democritus | 1 D8s-python | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is 0.1.0. | |||||
CVE-2022-44048 | 1 Democritus | 1 D8s-urls | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-domains package. The affected version of d8s-htm is 0.1.0. | |||||
CVE-2022-44036 | 1 B2evolution | 1 B2evolution Cms | 2024-11-21 | N/A | 7.2 HIGH |
In b2evolution 7.2.5, if configured with admins_can_manipulate_sensitive_files, arbitrary file upload is allowed for admins, leading to command execution. NOTE: the vendor's position is that this is "very obviously a feature not an issue and if you don't like that feature it is very obvious how to disable it." |