Total
2510 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40035 | 1 Blog-ssm Project | 1 Blog-ssm | 2024-08-03 | 8.8 High |
| File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component. | ||||
| CVE-2022-39978 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2024-08-03 | 7.2 High |
| Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. | ||||
| CVE-2022-39983 | 1 Instantdeveloper | 1 Rd3 | 2024-08-03 | 9.8 Critical |
| File upload vulnerability in Instantdeveloper RD3 22.0.8500, allows attackers to execute arbitrary code. | ||||
| CVE-2022-39977 | 1 Online Pet Shop We App Project | 1 Online Pet Shop We App | 2024-08-03 | 7.2 High |
| Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the User module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point. | ||||
| CVE-2022-39305 | 1 Gin-vue-admin Project | 1 Gin-vue-admin | 2024-08-03 | 9.8 Critical |
| Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Versions prior to 2.5.4 contain a file upload ability. The affected code fails to validate fileMd5 and fileName parameters, resulting in an arbitrary file being read. This issue is patched in 2.5.4b. There are no known workarounds. | ||||
| CVE-2022-39301 | 1 Sra-admin Project | 1 Sra-admin | 2024-08-03 | 8.2 High |
| sra-admin is a background rights management system that separates the front and back end. sra-admin version 1.1.1 has a storage cross-site scripting (XSS) vulnerability. After logging into the sra-admin background, an attacker can upload an html page containing xss attack code in "Personal Center" - "Profile Picture Upload" allowing theft of the user's personal information. This issue has been patched in 1.1.2. There are no known workarounds. | ||||
| CVE-2022-39019 | 1 M-files | 1 Hubshare | 2024-08-03 | 6.3 Medium |
| Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server. | ||||
| CVE-2022-38881 | 1 D8s-archives Project | 1 D8s-archives | 2024-08-03 | 9.8 Critical |
| The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | ||||
| CVE-2022-38916 | 1 Pagekit | 1 Pagekit | 2024-08-03 | 9.8 Critical |
| A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files | ||||
| CVE-2022-38882 | 1 D8s-json Project | 1 D8s-json | 2024-08-03 | 9.8 Critical |
| The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | ||||
| CVE-2022-38877 | 1 Garage Management System Project | 1 Garage Management System | 2024-08-03 | 7.2 High |
| Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1. | ||||
| CVE-2022-38884 | 1 D8s-grammars Project | 1 D8s-grammars | 2024-08-03 | 9.8 Critical |
| The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | ||||
| CVE-2022-38885 | 1 D8s-netstrings Project | 1 D8s-netstrings | 2024-08-03 | 9.8 Critical |
| The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | ||||
| CVE-2022-38886 | 1 D8s-xml Project | 1 D8s-xml | 2024-08-03 | 9.8 Critical |
| The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | ||||
| CVE-2022-38883 | 1 D8s-math Project | 1 D8s-math | 2024-08-03 | 9.8 Critical |
| The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | ||||
| CVE-2022-38887 | 1 D8s-python Project | 1 D8s-python | 2024-08-03 | 9.8 Critical |
| The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The democritus-strings package. The affected version is 0.1.0. | ||||
| CVE-2022-38843 | 1 Espocrm | 1 Espocrm | 2024-08-03 | 8.8 High |
| EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server. | ||||
| CVE-2022-38323 | 1 Event Management System Project | 1 Event Management System | 2024-08-03 | 7.2 High |
| Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /Royal_Event/update_image.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-38296 | 1 Cuppacms | 1 Cuppacms | 2024-08-03 | 9.8 Critical |
| Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. | ||||
| CVE-2022-38305 | 1 Aerocms Project | 1 Aerocms | 2024-08-03 | 8.8 High |
| AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||