Total
3375 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24837 | 1 Hedgedoc | 1 Hedgedoc | 2025-04-23 | 5.3 Medium |
| HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. Images uploaded with HedgeDoc version 1.9.1 and later have an enumerable filename after the upload, resulting in potential information leakage of uploaded documents. This is especially relevant for private notes and affects all upload backends, except Lutim and imgur. This issue is patched in version 1.9.3 by replacing the filename generation with UUIDv4. If you cannot upgrade to HedgeDoc 1.9.3, it is possible to block POST requests to `/uploadimage`, which will disable future uploads. | ||||
| CVE-2022-31041 | 1 Maykinmedia | 1 Open Forms | 2025-04-23 | 7.6 High |
| Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one of the form field types. These fields can be configured to allow only certain file extensions to be uploaded by end users (e.g. only PDF / Excel / ...). The input validation of uploaded files is insufficient in versions prior to 1.0.9 and 1.1.1. Users could alter or strip file extensions to bypass this validation. This results in files being uploaded to the server that are of a different file type than indicated by the file name extension. These files may be downloaded (manually or automatically) by staff and/or other applications for further processing. Malicious files can therefore find their way into internal/trusted networks. Versions 1.0.9 and 1.1.1 contain patches for this issue. As a workaround, an API gateway or intrusion detection solution in front of open-forms may be able to scan for and block malicious content before it reaches the Open Forms application. | ||||
| CVE-2022-31086 | 2 Debian, Ldap-account-manager | 2 Debian Linux, Ldap Account Manager | 2025-04-23 | 8.8 High |
| LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow to upload PHP scripts to config/templates/pdf. This vulnerability could lead to a Remote Code Execution if the /config/templates/pdf/ directory is accessible for remote users. This is not a default configuration of LAM. This issue has been fixed in version 8.0. There are no known workarounds for this issue. | ||||
| CVE-2025-3783 | 1 Seniorwalter | 1 Web-based Pharmacy Product Management System | 2025-04-23 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-product.php. The manipulation of the argument Avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-31134 | 1 Zulip | 1 Zulip Server | 2025-04-23 | 4.9 Medium |
| Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 above have a user interface tool, accessible only to server owners and server administrators, which provides a way to download a "public data" export. While this export is only accessible to administrators, in many configurations server administrators are not expected to have access to private messages and private streams. However, the "public data" export which administrators could generate contained the attachment contents for all attachments, even those from private messages and streams. Zulip Server version 5.4 contains a patch for this issue. | ||||
| CVE-2022-31161 | 1 Roxy-wi | 1 Roxy-wi | 2025-04-23 | 10 Critical |
| Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. Prior to version 6.1.1.0, the system command can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Version 6.1.1.0 contains a patch for this issue. | ||||
| CVE-2023-0714 | 1 Wpmet | 1 Metform Elementor Contact Form Builder | 2025-04-23 | 8.1 High |
| The Metform Elementor Contact Form Builder for WordPress is vulnerable to Arbitrary File Upload due to insufficient file type validation in versions up to, and including, 3.2.4. This allows unauthenticated visitors to perform a "double extension" attack and upload files containing a malicious extension but ending with a benign extension, which may make remote code execution possible in some configurations. | ||||
| CVE-2022-36066 | 1 Discourse | 1 Discourse | 2025-04-23 | 9.1 Critical |
| Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds. | ||||
| CVE-2024-4306 | 1 Ofofonobsdev | 1 Hubbank | 2025-04-23 | 9.9 Critical |
| Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution. | ||||
| CVE-2022-45548 | 1 Ayacms Project | 1 Ayacms | 2025-04-23 | 8.8 High |
| AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability. | ||||
| CVE-2022-44289 | 1 Thinkphp | 1 Thinkphp | 2025-04-23 | 8.8 High |
| Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file upload getshell. | ||||
| CVE-2022-45275 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2025-04-23 | 7.2 High |
| An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-45009 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2025-04-23 | 7.2 High |
| Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2024-48454 | 2 Oretnom23, Purchase Order Management System Project | 2 Purchase Order Management System, Purchase Order Management System | 2025-04-23 | 7.2 High |
| An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin?page=user component | ||||
| CVE-2025-29394 | 2025-04-22 | 8.1 High | ||
| An insecure permissions vulnerability in verydows v2.0 allows a remote attacker to execute arbitrary code by uploading a file type. | ||||
| CVE-2022-45968 | 1 Alist Project | 1 Alist | 2025-04-22 | 8.8 High |
| Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one). | ||||
| CVE-2022-45759 | 1 Sens Project | 1 Sens | 2025-04-22 | 8.8 High |
| SENS v1.0 has a file upload vulnerability. | ||||
| CVE-2022-46828 | 2 Apple, Jetbrains | 2 Macos, Intellij Idea | 2025-04-22 | 5.2 Medium |
| In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. | ||||
| CVE-2022-24749 | 1 Sylius | 1 Sylius | 2025-04-22 | 6.1 Medium |
| Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting (XSS) code in the admin panel. In order to perform a XSS attack, the file itself has to be open in a new card or loaded outside of the IMG tag. The problem applies both to the files opened on the admin panel and shop pages. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. As a workaround, require a library that adds on-upload file sanitization and overwrite the service before writing the file to the filesystem. The GitHub Security Advisory contains more specific information about the workaround. | ||||
| CVE-2022-39301 | 1 Sra-admin Project | 1 Sra-admin | 2025-04-22 | 8.2 High |
| sra-admin is a background rights management system that separates the front and back end. sra-admin version 1.1.1 has a storage cross-site scripting (XSS) vulnerability. After logging into the sra-admin background, an attacker can upload an html page containing xss attack code in "Personal Center" - "Profile Picture Upload" allowing theft of the user's personal information. This issue has been patched in 1.1.2. There are no known workarounds. | ||||