Total: 3085 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41384 | 1 Democritus | 1 D8s-domains | 2025-05-20 | N/A | 9.8 CRITICAL |
The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. | |||||
CVE-2022-41383 | 1 Democritus | 1 D8s-archives | 2025-05-20 | N/A | 9.8 CRITICAL |
The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | |||||
CVE-2022-42037 | 1 Democritus | 1 D8s-asns | 2025-05-20 | N/A | 9.8 CRITICAL |
The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | |||||
CVE-2022-42034 | 1 Wedding Planner Project | 1 Wedding Planner | 2025-05-20 | N/A | 8.8 HIGH |
Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php. | |||||
CVE-2022-41387 | 1 Democritus | 1 D8s-pdfs | 2025-05-20 | N/A | 9.8 CRITICAL |
The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. | |||||
CVE-2022-41386 | 1 Democritus | 1 D8s-utility | 2025-05-20 | N/A | 9.8 CRITICAL |
The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. | |||||
CVE-2022-41382 | 1 Democritus | 1 D8s-json | 2025-05-20 | N/A | 9.8 CRITICAL |
The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | |||||
CVE-2022-41381 | 1 Democritus | 1 D8s-utility | 2025-05-20 | N/A | 9.8 CRITICAL |
The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | |||||
CVE-2022-41380 | 1 Democritus | 1 D8s-yaml | 2025-05-20 | N/A | 9.8 CRITICAL |
The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | |||||
CVE-2022-29623 | 1 Connect-multiparty Project | 1 Connect-multiparty | 2025-05-20 | 6.8 MEDIUM | 7.8 HIGH |
An arbitrary file upload vulnerability in the file upload module of Express Connect-Multiparty 2.2.0 allows attackers to execute arbitrary code via a crafted PDF file. NOTE: the Supplier has not verified this vulnerability report. | |||||
CVE-2022-42229 | 1 Wedding Planner Project | 1 Wedding Planner | 2025-05-19 | N/A | 8.8 HIGH |
Wedding Planner v1.0 is vulnerable to arbitrary code execution via package_edit.php. | |||||
CVE-2022-42044 | 1 Democritus | 1 D8s-asns | 2025-05-19 | N/A | 9.8 CRITICAL |
The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. | |||||
CVE-2022-42043 | 1 Democritus | 1 D8s-xml | 2025-05-19 | N/A | 9.8 CRITICAL |
The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. | |||||
CVE-2022-42040 | 1 Democritus | 1 D8s-algorithms | 2025-05-19 | N/A | 9.8 CRITICAL |
The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | |||||
CVE-2022-42039 | 1 Democritus | 1 D8s-lists | 2025-05-19 | N/A | 9.8 CRITICAL |
The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | |||||
CVE-2022-42038 | 1 Democritus | 1 D8s-ip-addresses | 2025-05-19 | N/A | 9.8 CRITICAL |
The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | |||||
CVE-2025-47787 | | | 2025-05-19 | N/A | N/A |
Emlog is an open source website building system. Emlog Pro prior to version 2.5.10 contains a file upload vulnerability. The store.php component contains a critical security flaw where it fails to properly validate the contents of remotely downloaded ZIP plugin files. This insufficient validation allows attackers to execute arbitrary code on the vulnerable system. Version 2.5.10 contains a patch for the issue. | |||||
CVE-2025-4389 | | | 2025-05-19 | N/A | 9.8 CRITICAL |
The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function in all versions up to, and including, 2.6.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
CVE-2025-4391 | | | 2025-05-19 | N/A | 9.8 CRITICAL |
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the echo_generate_featured_image() function in all versions up to, and including, 5.4.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
CVE-2025-3917 | | | 2025-05-16 | N/A | 9.8 CRITICAL |
The 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download_remote_image_to_media_library function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. |