Total
1113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37346 | 1 Ec-cube | 1 Product Image Bulk Upload | 2025-05-21 | N/A | 9.8 CRITICAL |
| EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 contains an insufficient verification vulnerability when uploading files. Exploiting this vulnerability allows a remote unauthenticated attacker to upload arbitrary files other than image files. If a user with an administrative privilege of EC-CUBE where the vulnerable plugin is installed is led to upload a specially crafted file, an arbitrary script may be executed on the system. | |||||
| CVE-2022-41385 | 1 Democritus | 1 D8s-html | 2025-05-20 | N/A | 9.8 CRITICAL |
| The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. | |||||
| CVE-2022-41384 | 1 Democritus | 1 D8s-domains | 2025-05-20 | N/A | 9.8 CRITICAL |
| The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. | |||||
| CVE-2022-41383 | 1 Democritus | 1 D8s-archives | 2025-05-20 | N/A | 9.8 CRITICAL |
| The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | |||||
| CVE-2022-42037 | 1 Democritus | 1 D8s-asns | 2025-05-20 | N/A | 9.8 CRITICAL |
| The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | |||||
| CVE-2022-41387 | 1 Democritus | 1 D8s-pdfs | 2025-05-20 | N/A | 9.8 CRITICAL |
| The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. | |||||
| CVE-2022-41386 | 1 Democritus | 1 D8s-utility | 2025-05-20 | N/A | 9.8 CRITICAL |
| The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. | |||||
| CVE-2022-41382 | 1 Democritus | 1 D8s-json | 2025-05-20 | N/A | 9.8 CRITICAL |
| The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | |||||
| CVE-2022-41381 | 1 Democritus | 1 D8s-utility | 2025-05-20 | N/A | 9.8 CRITICAL |
| The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | |||||
| CVE-2022-41380 | 1 Democritus | 1 D8s-yaml | 2025-05-20 | N/A | 9.8 CRITICAL |
| The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | |||||
| CVE-2022-42044 | 1 Democritus | 1 D8s-asns | 2025-05-19 | N/A | 9.8 CRITICAL |
| The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. | |||||
| CVE-2022-42043 | 1 Democritus | 1 D8s-xml | 2025-05-19 | N/A | 9.8 CRITICAL |
| The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. | |||||
| CVE-2022-42040 | 1 Democritus | 1 D8s-algorithms | 2025-05-19 | N/A | 9.8 CRITICAL |
| The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | |||||
| CVE-2022-42039 | 1 Democritus | 1 D8s-lists | 2025-05-19 | N/A | 9.8 CRITICAL |
| The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | |||||
| CVE-2022-42038 | 1 Democritus | 1 D8s-ip-addresses | 2025-05-19 | N/A | 9.8 CRITICAL |
| The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | |||||
| CVE-2025-4389 | 2025-05-19 | N/A | 9.8 CRITICAL | ||
| The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function in all versions up to, and including, 2.6.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2025-4391 | 2025-05-19 | N/A | 9.8 CRITICAL | ||
| The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the echo_generate_featured_image() function in all versions up to, and including, 5.4.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2025-3917 | 2025-05-16 | N/A | 9.8 CRITICAL | ||
| The 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download_remote_image_to_media_library function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2024-24393 | 1 Oaooa | 1 Pichome | 2025-05-15 | N/A | 9.8 CRITICAL |
| File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request. | |||||
| CVE-2022-42154 | 1 74cms | 1 74cmsse | 2025-05-14 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||