Total
2982 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38887 | 1 D8s-python Project | 1 D8s-python | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The democritus-strings package. The affected version is 0.1.0. | |||||
| CVE-2022-38886 | 1 D8s-xml Project | 1 D8s-xml | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
| CVE-2022-38885 | 1 D8s-netstrings Project | 1 D8s-netstrings | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
| CVE-2022-38884 | 1 D8s-grammars Project | 1 D8s-grammars | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
| CVE-2022-38883 | 1 D8s-math Project | 1 D8s-math | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
| CVE-2022-38882 | 1 D8s-json Project | 1 D8s-json | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
| CVE-2022-38881 | 1 D8s-archives Project | 1 D8s-archives | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
| CVE-2022-38877 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 7.2 HIGH |
| Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1. | |||||
| CVE-2022-38843 | 1 Espocrm | 1 Espocrm | 2024-11-21 | N/A | 8.8 HIGH |
| EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server. | |||||
| CVE-2022-38323 | 1 Event Management System Project | 1 Event Management System | 2024-11-21 | N/A | 7.2 HIGH |
| Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /Royal_Event/update_image.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-38305 | 1 Aerocms Project | 1 Aerocms | 2024-11-21 | N/A | 8.8 HIGH |
| AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-38296 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | N/A | 9.8 CRITICAL |
| Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. | |||||
| CVE-2022-38140 | 1 Squirrly | 1 Seo Plugin By Squirrly Seo | 2024-11-21 | N/A | 7.6 HIGH |
| Auth. (contributor+) Arbitrary File Upload in SEO Plugin by Squirrly SEO plugin <= 12.1.10 on WordPress. | |||||
| CVE-2022-37426 | 2 Linux, Opennebula | 2 Linux Kernel, Opennebula | 2024-11-21 | N/A | 4.3 MEDIUM |
| Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. | |||||
| CVE-2022-37346 | 1 Ec-cube | 1 Product Image Bulk Upload | 2024-11-21 | N/A | 9.8 CRITICAL |
| EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with an administrative privilege of EC-CUBE where the vulnerable plugin is installed is led to upload a specially crafted file, an arbitrary script may be executed on the system. | |||||
| CVE-2022-37184 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 8.8 HIGH |
| The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user, can upload a dangerous RCE or LCE exploit file. | |||||
| CVE-2022-37181 | 1 72crm | 1 Wukong Crm | 2024-11-21 | N/A | 9.8 CRITICAL |
| 72crm 9.0 has an Arbitrary file upload vulnerability. | |||||
| CVE-2022-37159 | 1 Claroline | 1 Claroline | 2024-11-21 | N/A | 9.8 CRITICAL |
| Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload. | |||||
| CVE-2022-37140 | 1 Techvill | 1 Paymoney | 2024-11-21 | N/A | 8.0 HIGH |
| PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists on the reply ticket function and upload the malicious file. A calculator will open when the victim who download the file open the RTF file. | |||||
| CVE-2022-36769 | 2 Ibm, Redhat | 2 Cloud Pak For Data, Openshift | 2024-11-21 | N/A | 7.2 HIGH |
| IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034. | |||||