Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

CVEs (4,107)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-36386 1Soflyy 1Wp All Import Jun 17, 2026 Sep 21, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress.
CVE-2022-2872 1Octoprint 1Octoprint Jun 17, 2026 Sep 21, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3.
CVE-2022-38916 1Pagekit 1Pagekit Jun 17, 2026 Sep 20, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files
CVE-2022-40432 1D8s Strings Project 1D8s Strings Jun 17, 2026 Sep 19, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.
CVE-2022-40431 1D8s Pdfs Project 1D8s Pdfs Jun 17, 2026 Sep 19, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.
CVE-2022-38887 1D8s Python Project 1D8s Python Jun 17, 2026 Sep 19, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The democritus-strings package. The affected version is 0.1.0.
CVE-2022-38886 1D8s Xml Project 1D8s Xml Jun 17, 2026 Sep 19, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
CVE-2022-38885 1D8s Netstrings Project 1D8s Netstrings Jun 17, 2026 Sep 19, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
CVE-2022-38884 1D8s Grammars Project 1D8s Grammars Jun 17, 2026 Sep 19, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
CVE-2022-38883 1D8s Math Project 1D8s Math Jun 17, 2026 Sep 19, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
CVE-2022-38882 1D8s Json Project 1D8s Json Jun 17, 2026 Sep 19, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
CVE-2022-38881 1D8s Archives Project 1D8s Archives Jun 17, 2026 Sep 19, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
CVE-2022-38877 1Garage Management System Project 1Garage Management System Jun 17, 2026 Sep 16, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1.
CVE-2022-38843 1Espocrm 1Espocrm Jun 17, 2026 Sep 16, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the serve...Show more EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server.Show less
CVE-2022-38323 1Event Management System Project 1Event Management System Jun 17, 2026 Sep 15, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /Royal_Event/update_image.php. This vulnerability allows attackers to execute arbitrary code via a crafted P...Show more Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /Royal_Event/update_image.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.Show less
CVE-2022-37140 1Techvill 1Paymoney Jun 17, 2026 Sep 14, 2022 N/A· v4 8.0 HIGH· v3 N/A· v2 PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file ope...Show more PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file.Show less
CVE-2022-36667 1Garage Management System Project 1Garage Management System Jun 17, 2026 Sep 14, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file upload function. The vulnerability exist during adding parts and from the upload function, the atta...Show more Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file upload function. The vulnerability exist during adding parts and from the upload function, the attacker can upload PHP Reverse Shell straight away to gain RCE.Show less
CVE-2022-38305 1Aerocms Project 1Aerocms Jun 17, 2026 Sep 13, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-38296 1Cuppacms 1Cuppacms Jun 17, 2026 Sep 12, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager.
CVE-2021-44426 1Anydesk 1Anydesk Jun 17, 2026 Sep 12, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect t...Show more An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim.Show less

Previous 1...137138139...206 Next