Total: 2510 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-41381 | 1 Democritus | 1 D8s-utility | 2024-08-03 | 9.8 Critical |
The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | ||||
CVE-2022-41267 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2024-08-03 | 9.9 Critical |
SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrity, and availability of the application. | ||||
CVE-2022-40886 | 1 Dedecms | 1 Dedecms | 2024-08-03 | 7.2 High |
DedeCMS 5.7.98 has a file upload vulnerability in the background. | ||||
CVE-2022-40925 | 1 Phpgurukul | 1 Zoo Management System | 2024-08-03 | 7.2 High |
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_event" file of the "Events" module in the background management system. | ||||
CVE-2022-40932 | 1 Phpgurukul | 1 Zoo Management System | 2024-08-03 | 7.2 High |
In Zoo Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of the "gallery" file of the "Gallery" module in the background management system. | ||||
CVE-2022-40924 | 1 Phpgurukul | 1 Zoo Management System | 2024-08-03 | 7.2 High |
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system. | ||||
CVE-2022-40878 | 1 Exam Reviewer Management System Project | 1 Exam Reviewer Management System | 2024-08-03 | 8.8 High |
In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE). | ||||
CVE-2022-40921 | 1 Dedecms | 1 Dedecms | 2024-08-03 | 7.2 High |
DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vulnerability via the component /dede/file_manage_control.php. | ||||
CVE-2022-40896 | 2 Pygments, Redhat | 4 Pygments, Ansible Automation Platform, Satellite and 1 more | 2024-08-03 | 5.5 Medium |
A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer. | ||||
CVE-2022-40777 | 1 Interspire | 1 Email Marketer | 2024-08-03 | 8.8 High |
Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. NOTE: this issue exists because of an incomplete fix for CVE-2018-19550. | ||||
CVE-2022-40797 | 1 Roxyfileman | 1 Roxy Fileman | 2024-08-03 | 9.8 Critical |
Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.) | ||||
CVE-2022-40721 | 1 Creativedream File Uploader Project | 1 Creativedream File Uploader | 2024-08-03 | 9.8 Critical |
Arbitrary file upload vulnerability in php uploader | ||||
CVE-2022-40407 | 1 Chamilo | 1 Chamilo | 2024-08-03 | 8.8 High |
A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file. | ||||
CVE-2022-40432 | 1 D8s-strings Project | 1 D8s-strings | 2024-08-03 | 9.8 Critical |
The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0. | ||||
CVE-2022-40431 | 1 D8s-pdfs Project | 1 D8s-pdfs | 2024-08-03 | 9.8 Critical |
The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. | ||||
CVE-2022-40341 | 1 Mojoportal | 1 Mojoportal | 2024-08-03 | 8.8 High |
mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file. | ||||
CVE-2022-40087 | 1 Simple College Website Project | 1 Simple College Website | 2024-08-03 | 9.8 Critical |
Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents(). This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-40050 | 1 Zfile | 1 Zfile | 2024-08-03 | 9.8 Critical |
ZFile v4.1.1 was discovered to contain an arbitrary file upload vulnerability via the component /file/upload/1. | ||||
CVE-2022-40037 | 1 Javaweb Blog Project | 1 Javaweb Blog | 2024-08-03 | 9.8 Critical |
An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to escalate privileges and execute arbitrary commands via the component /upFile. | ||||
CVE-2022-40048 | 1 Flatpress | 1 Flatpress | 2024-08-03 | 7.2 High |
Flatpress v1.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the Upload File function. |