Total
2183 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34501 | 1 Pypi | 1 Pypi | 2024-11-21 | N/A | 9.8 CRITICAL |
| The bin-collection package in PyPI before v0.1 included a code execution backdoor inserted by a third party. | |||||
| CVE-2022-34500 | 1 Pypi | 1 Pypi | 2024-11-21 | N/A | 9.8 CRITICAL |
| The bin-collect package in PyPI before v0.1 included a code execution backdoor inserted by a third party. | |||||
| CVE-2022-34113 | 1 Dataease | 1 Dataease | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. | |||||
| CVE-2022-34056 | 1 Pypi | 1 Watertools | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-34055 | 1 Pypi | 1 Drxhello | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The drxhello package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-34054 | 1 Pypi | 1 Perdido | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-34053 | 1 Pypi | 1 Dr-web-engine | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-33980 | 1 Apache | 1 Commons Configuration | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default. | |||||
| CVE-2022-33882 | 1 Autodesk | 1 Autodesk Desktop | 2024-11-21 | N/A | 9.8 CRITICAL |
| Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code. | |||||
| CVE-2022-33649 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 9.6 CRITICAL |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | |||||
| CVE-2022-33127 | 2 Diffy Project, Microsoft | 2 Diffy, Windows | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string. | |||||
| CVE-2022-33004 | 1 Pypi | 1 Beginner | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-33003 | 1 Pypi | 1 Watools | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-33002 | 1 Pypi | 1 Explore | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-33001 | 1 Pypi | 1 Aamiles | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The AAmiles package in PyPI v0.1.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-33000 | 1 Pypi | 1 Ml-scanner | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-32999 | 1 Pypi | 1 Cloudlabeling | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The cloudlabeling package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-32998 | 1 Pypi | 1 Cryptoasset-data-downloader | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-32997 | 1 Pypi | 1 Rootinteractive | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-32996 | 1 Pypi | 1 Django-navbar-client | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||