Total: 2650 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-42698 | 1 Api2cart | 1 Api2cart Bridge Connector | 2024-11-21 | N/A | 9.8 CRITICAL |
Unauthenticated arbitrary file upload vulnerability in the Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. | |||||
CVE-2022-42443 | | | 2024-11-21 | N/A | 2.2 LOW |
An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535. | |||||
CVE-2022-42287 | 1 Nvidia | 2 Bmc, Dgx A100 | 2024-11-21 | N/A | 6.0 MEDIUM |
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering. | |||||
CVE-2022-42229 | 1 Wedding Planner Project | 1 Wedding Planner | 2024-11-21 | N/A | 8.8 HIGH |
Wedding Planner v1.0 is vulnerable to arbitrary code execution via package_edit.php. | |||||
CVE-2022-42201 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2024-11-21 | N/A | 7.2 HIGH |
Simple Exam Reviewer Management System v1.0 is vulnerable to insecure file upload. | |||||
CVE-2022-42198 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2024-11-21 | N/A | 8.8 HIGH |
In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload. | |||||
CVE-2022-42189 | 1 Emlog | 1 Emlog | 2024-11-21 | N/A | 7.2 HIGH |
Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability. | |||||
CVE-2022-42154 | 1 74cms | 1 74cmsse | 2024-11-21 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-42092 | 1 Backdropcms | 1 Backdrop Cms | 2024-11-21 | N/A | 7.2 HIGH |
Backdrop CMS 1.22.0 has an unrestricted file upload vulnerability via 'themes' that allows attackers to achieve remote code execution. Note: Third parties dispute this and argue that advanced permissions are required. | |||||
CVE-2022-42044 | 1 Democritus | 1 D8s-asns | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. | |||||
CVE-2022-42043 | 1 Democritus | 1 D8s-xml | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. | |||||
CVE-2022-42040 | 1 Democritus | 1 D8s-algorithms | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | |||||
CVE-2022-42039 | 1 Democritus | 1 D8s-lists | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | |||||
CVE-2022-42038 | 1 Democritus | 1 D8s-ip-addresses | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | |||||
CVE-2022-42037 | 1 Democritus | 1 D8s-asns | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | |||||
CVE-2022-42036 | 1 Democritus | 1 D8s-urls | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | |||||
CVE-2022-42034 | 1 Wedding Planner Project | 1 Wedding Planner | 2024-11-21 | N/A | 8.8 HIGH |
Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php. | |||||
CVE-2022-42029 | 1 Chamilo | 1 Chamilo | 2024-11-21 | N/A | 8.8 HIGH |
Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory. | |||||
CVE-2022-41711 | 1 Uatech | 1 Badaso | 2024-11-21 | N/A | 9.8 CRITICAL |
Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. | |||||
CVE-2022-41705 | 1 Uatech | 1 Badaso | 2024-11-21 | N/A | 9.8 CRITICAL |
Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users. |