Total: 1118 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-42036 | 1 Democritus | 1 D8s-urls | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | |||||
CVE-2022-41681 | 1 Formalms | 1 Formalms | 2024-11-21 | N/A | 9.9 CRITICAL |
There is a vulnerability in Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to escalate privileges in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection. | |||||
CVE-2022-41267 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2024-11-21 | N/A | 9.9 CRITICAL |
SAP Business Objects Platform, versions 420 and 430, allows an attacker with normal BI user privileges to upload/replace any file on the Business Objects server at the operating system level, enabling the attacker to take full control of the system, causing a high impact on confidentiality, integrity, and availability of the application. | |||||
CVE-2022-41217 | 1 Hybridsoftware | 1 Cloudflow | 2024-11-21 | N/A | 9.8 CRITICAL |
Cloudflow contains an unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage. | |||||
CVE-2022-40721 | 1 Creativedream File Uploader Project | 1 Creativedream File Uploader | 2024-11-21 | N/A | 9.8 CRITICAL |
Arbitrary file upload vulnerability in php uploader | |||||
CVE-2022-40432 | 1 D8s-strings Project | 1 D8s-strings | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-strings for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0. | |||||
CVE-2022-40431 | 1 D8s-pdfs Project | 1 D8s-pdfs | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-pdfs for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. | |||||
CVE-2022-3575 | 1 Frauscher | 1 Frauscher Diagnostic System 102 | 2024-11-21 | N/A | 9.8 CRITICAL |
Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device. | |||||
CVE-2022-39983 | 1 Instantdeveloper | 1 Rd3 | 2024-11-21 | N/A | 9.8 CRITICAL |
File upload vulnerability in Instantdeveloper RD3 22.0.8500 allows attackers to execute arbitrary code. | |||||
CVE-2022-39305 | 1 Gin-vue-admin Project | 1 Gin-vue-admin | 2024-11-21 | N/A | 9.8 CRITICAL |
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Versions prior to 2.5.4 contain a file upload ability. The affected code fails to validate fileMd5 and fileName parameters, resulting in an arbitrary file being read. This issue is patched in 2.5.4b. There are no known workarounds. | |||||
CVE-2022-38886 | 1 D8s-xml Project | 1 D8s-xml | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-xml for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-38885 | 1 D8s-netstrings Project | 1 D8s-netstrings | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-netstrings for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-38884 | 1 D8s-grammars Project | 1 D8s-grammars | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-grammars for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-38883 | 1 D8s-math Project | 1 D8s-math | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-math for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-38882 | 1 D8s-json Project | 1 D8s-json | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-json for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-38881 | 1 D8s-archives Project | 1 D8s-archives | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-archives for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-38296 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | N/A | 9.8 CRITICAL |
Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. | |||||
CVE-2022-37159 | 1 Claroline | 1 Claroline | 2024-11-21 | N/A | 9.8 CRITICAL |
Claroline 13.5.7 and prior is vulnerable to remote code execution via arbitrary file upload. | |||||
CVE-2022-36557 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted HTML file. | |||||
CVE-2022-36264 | 1 Airspan | 2 Airspot 5410, Airspot 5410 Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an unauthenticated remote arbitrary file upload vulnerability which allows overwriting arbitrary files. A malicious actor can remotely upload a file of their choice and overwrite any file in the system by manipulating the filename and appending a relative path that will be interpreted during the upload process. Using this method, it is possible to rewrite any file in the system or upload a new file. |