Total: 1580 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3076 | 1 Cminds | 1 Cm Download Manager | 2022-09-26 | N/A | 7.2 HIGH |
The CM Download Manager WordPress plugin before 2.8.6 allows high-privilege users such as admins to upload arbitrary files by setting any extension via the plugin's settings, which could be used by admins of a multisite blog to upload PHP files, for example. | |||||
CVE-2022-3257 | 1 Mattermost | 1 Mattermost Server | 2022-09-26 | N/A | 6.5 MEDIUM |
Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service. | |||||
CVE-2022-40087 | 1 Simple College Website Project | 1 Simple College Website | 2022-09-26 | N/A | 9.8 CRITICAL |
Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents(). This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-40932 | 1 Zoo Management System Project | 1 Zoo Management System | 2022-09-23 | N/A | 7.2 HIGH |
In Zoo Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of the "gallery" file of the "Gallery" module in the background management system. | |||||
CVE-2022-2872 | 1 Octoprint | 1 Octoprint | 2022-09-23 | N/A | 5.4 MEDIUM |
Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3. | |||||
CVE-2022-40217 | 1 Xplodedthemes | 1 Wpide | 2022-09-22 | N/A | 7.2 HIGH |
Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress. | |||||
CVE-2022-36386 | 1 Soflyy | 1 Wp All Import | 2022-09-22 | N/A | 7.2 HIGH |
Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress. | |||||
CVE-2022-38916 | 1 Pagekit | 1 Pagekit | 2022-09-21 | N/A | 9.8 CRITICAL |
A file upload vulnerability exists in the storage feature of Pagekit 1.0.18, which allows an attacker to upload malicious files. | |||||
CVE-2022-38887 | 1 D8s-python Project | 1 D8s-python | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-40432 | 1 D8s-strings Project | 1 D8s-strings | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0. | |||||
CVE-2022-38882 | 1 D8s-json Project | 1 D8s-json | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-40431 | 1 D8s-pdfs Project | 1 D8s-pdfs | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. | |||||
CVE-2022-38881 | 1 D8s-archives Project | 1 D8s-archives | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-38883 | 1 D8s-math Project | 1 D8s-math | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-38884 | 1 D8s-grammars Project | 1 D8s-grammars | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-38885 | 1 D8s-netstrings Project | 1 D8s-netstrings | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-38886 | 1 D8s-xml Project | 1 D8s-xml | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-38877 | 1 Garage Management System Project | 1 Garage Management System | 2022-09-16 | N/A | 7.2 HIGH |
Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1. | |||||
CVE-2022-38843 | 1 Espocrm | 1 Espocrm | 2022-09-16 | N/A | 8.8 HIGH |
EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload, allowing attackers to upload malicious files with any extension to the server. An attacker may execute these malicious files to run unintended code and compromise the server. | |||||
CVE-2022-38305 | 1 Aerocms Project | 1 Aerocms | 2022-09-16 | N/A | 8.8 HIGH |
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. |