Total
3231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42036 | 1 Democritus | 1 D8s-urls | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | |||||
| CVE-2022-41681 | 1 Formalms | 1 Formalms | 2024-11-21 | N/A | 9.9 CRITICAL |
| There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection. | |||||
| CVE-2022-41512 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-11-21 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the component /php_action/editFile.php of Online Diagnostic Lab Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-41379 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2024-11-21 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-41267 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2024-11-21 | N/A | 9.9 CRITICAL |
| SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrity, and availability of the application. | |||||
| CVE-2022-41217 | 1 Hybridsoftware | 1 Cloudflow | 2024-11-21 | N/A | 9.8 CRITICAL |
| Cloudflow contains a unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage. | |||||
| CVE-2022-40981 | 1 Etictelecom | 14 Ras-c-100-lw, Ras-e-100, Ras-e-220 and 11 more | 2024-11-21 | N/A | 5.9 MEDIUM |
| All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior is vulnerable to malicious file upload. An attacker could take advantage of this to store malicious files on the server, which could override sensitive and useful existing files on the filesystem, fill the hard disk to full capacity, or compromise the affected device or computers with administrator level privileges connected to the affected device. | |||||
| CVE-2022-40921 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A | 7.2 HIGH |
| DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php. | |||||
| CVE-2022-40896 | 1 Pygments | 1 Pygments | 2024-11-21 | N/A | 5.5 MEDIUM |
| A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer. | |||||
| CVE-2022-40886 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A | 7.2 HIGH |
| DedeCMS 5.7.98 has a file upload vulnerability in the background. | |||||
| CVE-2022-40777 | 1 Interspire | 1 Email Marketer | 2024-11-21 | N/A | 8.8 HIGH |
| Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. NOTE: this issue exists because of an incomplete fix for CVE-2018-19550. | |||||
| CVE-2022-40721 | 1 Creativedream File Uploader Project | 1 Creativedream File Uploader | 2024-11-21 | N/A | 9.8 CRITICAL |
| Arbitrary file upload vulnerability in php uploader | |||||
| CVE-2022-40432 | 1 D8s-strings Project | 1 D8s-strings | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0. | |||||
| CVE-2022-40431 | 1 D8s-pdfs Project | 1 D8s-pdfs | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. | |||||
| CVE-2022-3771 | 1 Easyiicms | 1 Easyiicms | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The identifier VDB-212501 was assigned to this vulnerability. | |||||
| CVE-2022-3770 | 1 Xjyunjing | 1 Yunjing Content Management System | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212500. | |||||
| CVE-2022-3575 | 1 Frauscher | 1 Frauscher Diagnostic System 102 | 2024-11-21 | N/A | 9.8 CRITICAL |
| Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to v2.9.1 are vulnerable to malicious code upload without authentication by using the configuration upload function. This could lead to a complete compromise of the FDS102 device. | |||||
| CVE-2022-3552 | 1 Boxbilling | 1 Boxbilling | 2024-11-21 | N/A | 7.2 HIGH |
| Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1. | |||||
| CVE-2022-3549 | 1 Oretnom23 | 1 Simple Cold Storage Management System | 2024-11-21 | N/A | 4.7 MEDIUM |
| A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /csms/admin/?page=user/manage_user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-211049 was assigned to this vulnerability. | |||||
| CVE-2022-3458 | 1 Oretnom23 | 1 Human Resource Management System | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /employeeview.php of the component Image File Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-210559. | |||||