Export limit exceeded: 355911 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 355911 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 355911 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4204 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-20915 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 7.4 High |
| A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) with Zone-Based Firewall (ZBFW) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling of an IPv6 packet that is forwarded from an MPLS and ZBFW-enabled interface in a 6VPE deployment. An attacker could exploit this vulnerability by sending a crafted IPv6 packet sourced from a device on the IPv6-enabled virtual routing and forwarding (VRF) interface through the affected device. A successful exploit could allow the attacker to reload the device, resulting in a DoS condition. | ||||
| CVE-2022-1939 | 1 Allow Svg Files Project | 1 Allow Svg Files | 2024-11-21 | 7.2 High |
| The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to | ||||
| CVE-2022-1811 | 1 Publify Project | 1 Publify | 2024-11-21 | 5.4 Medium |
| Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. | ||||
| CVE-2022-1752 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 8.0 High |
| Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2. | ||||
| CVE-2022-1411 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 6.1 Medium |
| Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to account takeover. | ||||
| CVE-2022-1409 | 1 Vikwp | 1 Hotel Booking Engine \& Pms | 2024-11-21 | 7.2 High |
| The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code | ||||
| CVE-2022-1345 | 1 Organizr | 1 Organizr | 2024-11-21 | 9.0 Critical |
| Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. | ||||
| CVE-2022-1273 | 1 Importwp | 1 Import Wp | 2024-11-21 | 7.2 High |
| The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE | ||||
| CVE-2022-1103 | 1 Advanced Uploader Project | 1 Advanced Uploader | 2024-11-21 | 8.8 High |
| The Advanced Uploader WordPress plugin through 4.2 allows any authenticated users like subscriber to upload arbitrary files, such as PHP, which could lead to RCE | ||||
| CVE-2022-1045 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 5.4 Medium |
| Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0. | ||||
| CVE-2022-1034 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 7.2 High |
| There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4. | ||||
| CVE-2022-1033 | 1 Craterapp | 1 Crater | 2024-11-21 | 7.8 High |
| Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6. | ||||
| CVE-2022-1008 | 1 Ocdi | 1 One Click Demo Import | 2024-11-21 | 7.2 High |
| The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed | ||||
| CVE-2022-0962 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 5.4 Medium |
| Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4. | ||||
| CVE-2022-0960 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 5.4 Medium |
| Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4. | ||||
| CVE-2022-0951 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 6.1 Medium |
| File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4. | ||||
| CVE-2022-0950 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 5.4 Medium |
| Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4. | ||||
| CVE-2022-0945 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 5.4 Medium |
| Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4. | ||||
| CVE-2022-0930 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.8 Medium |
| File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. | ||||
| CVE-2022-0921 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.7 Medium |
| Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12. | ||||