Total
1113 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-44053 | 1 Democritus | 1 D8s-networking | 2025-05-05 | N/A | 9.8 CRITICAL |
The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0. | |||||
CVE-2022-44052 | 1 Democritus | 1 D8s-dates | 2025-05-05 | N/A | 9.8 CRITICAL |
The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-timezones package. The affected version of d8s-htm is 0.1.0. | |||||
CVE-2022-44051 | 1 Democritus | 1 D8s-stats | 2025-05-05 | N/A | 9.8 CRITICAL |
The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-math package. The affected version of d8s-htm is 0.1.0. | |||||
CVE-2022-44050 | 1 Democritus | 1 D8s-networking | 2025-05-05 | N/A | 9.8 CRITICAL |
The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-json package. The affected version of d8s-htm is 0.1.0. | |||||
CVE-2022-44049 | 1 Democritus | 1 D8s-python | 2025-05-05 | N/A | 9.8 CRITICAL |
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is 0.1.0. | |||||
CVE-2022-44048 | 1 Democritus | 1 D8s-urls | 2025-05-05 | N/A | 9.8 CRITICAL |
The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-domains package. The affected version of d8s-htm is 0.1.0. | |||||
CVE-2022-43305 | 1 Democritus | 1 D8s-python | 2025-05-05 | N/A | 9.8 CRITICAL |
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0. | |||||
CVE-2022-43304 | 1 Democritus | 1 D8s-timer | 2025-05-05 | N/A | 9.8 CRITICAL |
The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0. | |||||
CVE-2022-43303 | 1 Democritus | 1 D8s-strings | 2025-05-05 | N/A | 9.8 CRITICAL |
The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0. | |||||
CVE-2022-44054 | 1 Democritus | 1 D8s-xml | 2025-05-01 | N/A | 9.8 CRITICAL |
The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-utility package. The affected version of d8s-htm is 0.1.0. | |||||
CVE-2022-40797 | 1 Roxyfileman | 1 Roxy Fileman | 2025-05-01 | N/A | 9.8 CRITICAL |
Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.) | |||||
CVE-2024-33120 | 1 Roothub | 1 Roothub | 2025-05-01 | N/A | 9.8 CRITICAL |
Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload() function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file. | |||||
CVE-2024-25846 | 1 Simpleimportproduct Project | 1 Simpleimportproduct | 2025-04-30 | N/A | 9.1 CRITICAL |
In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php. | |||||
CVE-2024-37762 | 1 Machform | 1 Machform | 2025-04-30 | N/A | 9.9 CRITICAL |
MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to a remote code execution. | |||||
CVE-2024-34833 | 1 Oretnom23 | 1 Payroll Management System | 2025-04-30 | N/A | 9.8 CRITICAL |
Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as the user running the web server. | |||||
CVE-2022-43234 | 1 Hoosk | 1 Hoosk | 2025-04-30 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the /attachments component of Hoosk v1.8 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-43265 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-04-30 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the component /pages/save_user.php of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2020-23591 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2025-04-29 | N/A | 9.8 CRITICAL |
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through "/mgm_dev_upgrade.asp", which can "delete every file for Denial of Service (using 'rm -rf *.*' in the code), reverse connection (using '.asp' webshell), backdoor". | |||||
CVE-2022-41705 | 1 Uatech | 1 Badaso | 2025-04-29 | N/A | 9.8 CRITICAL |
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | |||||
CVE-2022-44401 | 1 Online Tours & Travels Management System Project | 1 Online Tours & Travels Management System | 2025-04-29 | N/A | 9.8 CRITICAL |
Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php. |