Total: 2650 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41217 | 1 Hybridsoftware | 1 Cloudflow | 2024-11-21 | N/A | 9.8 CRITICAL |
Cloudflow contains an unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage. | |||||
CVE-2022-40981 | 1 Etictelecom | 14 Ras-c-100-lw, Ras-e-100, Ras-e-220 and 11 more | 2024-11-21 | N/A | 5.9 MEDIUM |
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior are vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device. | |||||
CVE-2022-40932 | 1 Phpgurukul | 1 Zoo Management System | 2024-11-21 | N/A | 7.2 HIGH |
In Zoo Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of the "gallery" file of the "Gallery" module in the background management system. | |||||
CVE-2022-40925 | 1 Phpgurukul | 1 Zoo Management System | 2024-11-21 | N/A | 7.2 HIGH |
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of the "Events" module in the background management system. | |||||
CVE-2022-40924 | 1 Phpgurukul | 1 Zoo Management System | 2024-11-21 | N/A | 7.2 HIGH |
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system. | |||||
CVE-2022-40921 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A | 7.2 HIGH |
DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php. | |||||
CVE-2022-40896 | 1 Pygments | 1 Pygments | 2024-11-21 | N/A | 5.5 MEDIUM |
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer. | |||||
CVE-2022-40886 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A | 7.2 HIGH |
DedeCMS 5.7.98 has a file upload vulnerability in the background. | |||||
CVE-2022-40878 | 1 Exam Reviewer Management System Project | 1 Exam Reviewer Management System | 2024-11-21 | N/A | 8.8 HIGH |
In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell PHP file on the profile page to achieve Remote Code Execution (RCE). | |||||
CVE-2022-40797 | 1 Roxyfileman | 1 Roxy Fileman | 2024-11-21 | N/A | 9.8 CRITICAL |
Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.) | |||||
CVE-2022-40777 | 1 Interspire | 1 Email Marketer | 2024-11-21 | N/A | 8.8 HIGH |
Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. NOTE: this issue exists because of an incomplete fix for CVE-2018-19550. | |||||
CVE-2022-40721 | 1 Creativedream File Uploader Project | 1 Creativedream File Uploader | 2024-11-21 | N/A | 9.8 CRITICAL |
Arbitrary file upload vulnerability in php uploader | |||||
CVE-2022-40471 | 1 Oretnom23 | 1 Clinic's Patient Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
Remote Code Execution in Clinic's Patient Management System v1.0 allows an attacker to upload an arbitrary PHP webshell via the profile picture upload functionality in users.php. | |||||
CVE-2022-40432 | 1 D8s-strings Project | 1 D8s-strings | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0. | |||||
CVE-2022-40431 | 1 D8s-pdfs Project | 1 D8s-pdfs | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. | |||||
CVE-2022-40407 | 1 Chamilo | 1 Chamilo | 2024-11-21 | N/A | 8.8 HIGH |
A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file. | |||||
CVE-2022-40341 | 1 Mojoportal | 1 Mojoportal | 2024-11-21 | N/A | 8.8 HIGH |
mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file. | |||||
CVE-2022-40217 | 1 Xplodedthemes | 1 Wpide | 2024-11-21 | N/A | 6.5 MEDIUM |
Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress. | |||||
CVE-2022-40200 | 1 Gvectors | 1 Wpforo Forum | 2024-11-21 | N/A | 9.9 CRITICAL |
Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin <= 2.0.9 on WordPress. | |||||
CVE-2022-40087 | 1 Simple College Website Project | 1 Simple College Website | 2024-11-21 | N/A | 9.8 CRITICAL |
Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents(). This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |