Total
2982 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42043 | 1 Democritus | 1 D8s-xml | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. | |||||
| CVE-2022-42040 | 1 Democritus | 1 D8s-algorithms | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | |||||
| CVE-2022-42039 | 1 Democritus | 1 D8s-lists | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | |||||
| CVE-2022-42038 | 1 Democritus | 1 D8s-ip-addresses | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | |||||
| CVE-2022-42037 | 1 Democritus | 1 D8s-asns | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | |||||
| CVE-2022-42036 | 1 Democritus | 1 D8s-urls | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | |||||
| CVE-2022-42034 | 1 Wedding Planner Project | 1 Wedding Planner | 2024-11-21 | N/A | 8.8 HIGH |
| Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php. | |||||
| CVE-2022-42029 | 1 Chamilo | 1 Chamilo | 2024-11-21 | N/A | 8.8 HIGH |
| Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory. | |||||
| CVE-2022-41681 | 1 Formalms | 1 Formalms | 2024-11-21 | N/A | 9.9 CRITICAL |
| There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection. | |||||
| CVE-2022-41537 | 1 Online Tours \& Travels Management System Project | 1 Online Tours \& Travels Management System | 2024-11-21 | N/A | 7.2 HIGH |
| Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /user_operations/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-41534 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-41533 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | N/A | 7.2 HIGH |
| Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-41512 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the component /php_action/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-41504 | 1 Billing System Project | 1 Billing System | 2024-11-21 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-41437 | 1 Billing System Project Project | 1 Billing System Project | 2024-11-21 | N/A | 7.2 HIGH |
| Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php. | |||||
| CVE-2022-41406 | 1 Church Management System Project | 1 Church Management System | 2024-11-21 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-41387 | 1 Democritus | 1 D8s-pdfs | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. | |||||
| CVE-2022-41386 | 1 Democritus | 1 D8s-utility | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. | |||||
| CVE-2022-41385 | 1 Democritus | 1 D8s-html | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. | |||||
| CVE-2022-41384 | 1 Democritus | 1 D8s-domains | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. | |||||