Total
3218 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40431 | 1 D8s-pdfs Project | 1 D8s-pdfs | 2024-11-21 | 9.8 Critical |
| The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. | ||||
| CVE-2022-3549 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2024-11-21 | 4.7 Medium |
| A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /csms/admin/?page=user/manage_user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211049 was assigned to this vulnerability. | ||||
| CVE-2022-3458 | 1 Oretnom23 | 1 Human Resource Management System | 2024-11-21 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /employeeview.php of the component Image File Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-210559. | ||||
| CVE-2022-3436 | 1 Web-based Student Clearance System Project | 1 Web-based Student Clearance System | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-210367. | ||||
| CVE-2022-3125 | 1 Najeebmedia | 1 Frontend File Manager | 2024-11-21 | 8.8 High |
| The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE | ||||
| CVE-2022-38886 | 1 D8s-xml Project | 1 D8s-xml | 2024-11-21 | 9.8 Critical |
| The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | ||||
| CVE-2022-38885 | 1 D8s-netstrings Project | 1 D8s-netstrings | 2024-11-21 | 9.8 Critical |
| The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | ||||
| CVE-2022-38884 | 1 D8s-grammars Project | 1 D8s-grammars | 2024-11-21 | 9.8 Critical |
| The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | ||||
| CVE-2022-38883 | 1 D8s-math Project | 1 D8s-math | 2024-11-21 | 9.8 Critical |
| The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | ||||
| CVE-2022-38882 | 1 D8s-json Project | 1 D8s-json | 2024-11-21 | 9.8 Critical |
| The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | ||||
| CVE-2022-38881 | 1 D8s-archives Project | 1 D8s-archives | 2024-11-21 | 9.8 Critical |
| The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | ||||
| CVE-2022-38843 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 8.8 High |
| EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server. | ||||
| CVE-2022-38323 | 1 Event Management System Project | 1 Event Management System | 2024-11-21 | 7.2 High |
| Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /Royal_Event/update_image.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-38305 | 1 Aerocms Project | 1 Aerocms | 2024-11-21 | 8.8 High |
| AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-38296 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 9.8 Critical |
| Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. | ||||
| CVE-2022-37426 | 2 Linux, Opennebula | 2 Linux Kernel, Opennebula | 2024-11-21 | 4.3 Medium |
| Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. | ||||
| CVE-2022-37184 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | 8.8 High |
| The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user, can upload a dangerous RCE or LCE exploit file. | ||||
| CVE-2022-37181 | 1 72crm | 1 Wukong Crm | 2024-11-21 | 9.8 Critical |
| 72crm 9.0 has an Arbitrary file upload vulnerability. | ||||
| CVE-2022-37159 | 1 Claroline | 1 Claroline | 2024-11-21 | 9.8 Critical |
| Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload. | ||||
| CVE-2022-37140 | 1 Techvill | 1 Paymoney | 2024-11-21 | 8.0 High |
| PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file. | ||||