Total: 2510 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-43050 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2024-08-03 | 7.2 High |
Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-43083 | 1 Vehicle Booking System Project | 1 Vehicle Booking System | 2024-08-03 | 7.2 High |
An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-43074 | 1 Ayacms Project | 1 Ayacms | 2024-08-03 | 9.8 Critical |
AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-42971 | 2 Microsoft, Schneider-electric | 8 Windows 10, Windows 11, Windows 7 and 5 more | 2024-08-03 | 9.8 Critical |
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | ||||
CVE-2022-42092 | 1 Backdropcms | 1 Backdrop Cms | 2024-08-03 | 7.2 High |
Backdrop CMS 1.22.0 has an Unrestricted File Upload vulnerability via 'themes' that allows attackers to achieve Remote Code Execution. Note: Third parties dispute this and argue that advanced permissions are required. | ||||
CVE-2022-42443 | | | 2024-08-03 | 2.2 Low |
An undisclosed issue in Trusteer iOS SDK for mobile versions prior to 5.7 and Trusteer Android SDK for mobile versions prior to 5.7 may allow uploading of files. IBM X-Force ID: 238535. | ||||
CVE-2022-42287 | 1 Nvidia | 2 Bmc, Dgx A100 | 2024-08-03 | 6 Medium |
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering. | ||||
CVE-2022-42198 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2024-08-03 | 8.8 High |
In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload. | ||||
CVE-2022-42229 | 1 Wedding Planner Project | 1 Wedding Planner | 2024-08-03 | 8.8 High |
Wedding Planner v1.0 is vulnerable to arbitrary code execution via package_edit.php. | ||||
CVE-2022-42201 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2024-08-03 | 7.2 High |
Simple Exam Reviewer Management System v1.0 is vulnerable to insecure file upload. | ||||
CVE-2022-42154 | 1 74cms | 1 74cmsse | 2024-08-03 | 9.8 Critical |
An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-42189 | 1 Emlog | 1 Emlog | 2024-08-03 | 7.2 High |
Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (RCE) vulnerability. | ||||
CVE-2022-42043 | 1 Democritus | 1 D8s-xml | 2024-08-03 | 9.8 Critical |
The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. | ||||
CVE-2022-42044 | 1 Democritus | 1 D8s-asns | 2024-08-03 | 9.8 Critical |
The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. | ||||
CVE-2022-42034 | 1 Wedding Planner Project | 1 Wedding Planner | 2024-08-03 | 8.8 High |
Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php. | ||||
CVE-2022-42040 | 1 Democritus | 1 D8s-algorithms | 2024-08-03 | 9.8 Critical |
The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | ||||
CVE-2022-42037 | 1 Democritus | 1 D8s-asns | 2024-08-03 | 9.8 Critical |
The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | ||||
CVE-2022-42039 | 1 Democritus | 1 D8s-lists | 2024-08-03 | 9.8 Critical |
The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | ||||
CVE-2022-42038 | 1 Democritus | 1 D8s-ip-addresses | 2024-08-03 | 9.8 Critical |
The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | ||||
CVE-2022-42036 | 1 Democritus | 1 D8s-urls | 2024-08-03 | 9.8 Critical |
The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. |