• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-434

CVE-2022-1045

February 23, 2023 by

Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0.

CVE-2022-0959

February 23, 2023 by

A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.

CVE-2022-1008

February 23, 2023 by

The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed

CVE-2022-0888

February 23, 2023 by

The Ninja Forms – File Uploads Extension WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/includes/ajax/controllers/uploads.php file which can be bypassed making it possible for unauthenticated attackers to upload malicious files that can be used to obtain remote code execution, in versions up to and including 3.3.0

CVE-2022-0912

February 23, 2023 by

Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11.

CVE-2022-0921

February 23, 2023 by

Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 217
  • Go to page 218
  • Go to page 219
  • Go to page 220
  • Go to page 221
  • Interim pages omitted …
  • Go to page 224
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE