Total: 3684 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-23026 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Acceleration Manager | 2024-11-21 | 4.3 Medium |
| On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2022-22952 | 2 Microsoft, Vmware | 2 Windows, Carbon Black App Control | 2024-11-21 | 9.1 Critical |
| VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windows instance where AppC Server is installed by uploading a specially crafted file. | ||||
| CVE-2022-22929 | 1 Mingsoft | 1 Mcms | 2024-11-21 | 9.8 Critical |
| MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file. | ||||
| CVE-2022-22482 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 6.5 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow an authenticated user to upload files that could fill up the filesystem and cause a denial of service. IBM X-Force ID: 225977. | ||||
| CVE-2022-22450 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2024-11-21 | 3.8 Low |
| IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916. | ||||
| CVE-2022-22392 | 1 Ibm | 1 Planning Analytics Workspace | 2024-11-21 | 7.8 High |
| IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066. | ||||
| CVE-2022-22375 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2024-11-21 | 7.2 High |
| IBM Security Verify Privilege On-Premises 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 221681. | ||||
| CVE-2022-1952 | 1 Syntactics | 1 Free Booking Plugin For Hotels, Restaurant And Car Rental | 2024-11-21 | 9.8 Critical |
| The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validation steps. | ||||
| CVE-2022-1939 | 1 Allow Svg Files Project | 1 Allow Svg Files | 2024-11-21 | 7.2 High |
| The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to. | ||||
| CVE-2022-1811 | 1 Publify Project | 1 Publify | 2024-11-21 | 5.4 Medium |
| Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. | ||||
| CVE-2022-1752 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 8.0 High |
| Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2. | ||||
| CVE-2022-1411 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 6.1 Medium |
| Unrestricted file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. An attacker can send malicious files to victims; the stored data is then retrieved from the web application without being made safe to render in the browser, which lets the attacker steal the victim's cookie and leads to account takeover. | ||||
| CVE-2022-1409 | 1 Vikwp | 1 Hotel Booking Engine & Pms | 2024-11-21 | 7.2 High |
| The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code | ||||
| CVE-2022-1345 | 1 Organizr | 1 Organizr | 2024-11-21 | 9.0 Critical |
| Stored XSS via .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. | ||||
| CVE-2022-1273 | 1 Importwp | 1 Import Wp | 2024-11-21 | 7.2 High |
| The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE | ||||
| CVE-2022-1103 | 1 Advanced Uploader Project | 1 Advanced Uploader | 2024-11-21 | 8.8 High |
| The Advanced Uploader WordPress plugin through 4.2 allows any authenticated user, such as a subscriber, to upload arbitrary files, such as PHP, which could lead to RCE. | ||||
| CVE-2022-1045 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 5.4 Medium |
| Stored XSS via .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0. | ||||
| CVE-2022-1034 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 7.2 High |
| There is an Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4. | ||||
| CVE-2022-1033 | 1 Craterapp | 1 Crater | 2024-11-21 | 7.8 High |
| Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6. | ||||
| CVE-2022-1008 | 1 Ocdi | 1 One Click Demo Import | 2024-11-21 | 7.2 High |
| The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed | ||||