Vulnerabilities > Nbnbk Project > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-46493 | Unrestricted Upload of File with Dangerous Type vulnerability in Nbnbk Project Nbnbk Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/download_img. | 9.8 |
| 2022-06-09 | CVE-2022-31386 | Server-Side Request Forgery (SSRF) vulnerability in Nbnbk Project Nbnbk 3 A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter. | 9.1 |