Total: 2765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-3257 | 1 Mattermost | 1 Mattermost Server | 2022-09-26 | N/A | 6.5 MEDIUM |
Mattermost version 7.1.x and earlier fails to sufficiently process a specifically crafted GIF file when it is uploaded while drafting a post, which allows authenticated users to cause resource exhaustion while processing the file, resulting in server-side Denial of Service. | |||||
CVE-2022-2872 | 1 Octoprint | 1 Octoprint | 2022-09-23 | N/A | 5.4 MEDIUM |
Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3. | |||||
CVE-2022-40431 | 1 D8s-pdfs Project | 1 D8s-pdfs | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. | |||||
CVE-2022-40432 | 1 D8s-strings Project | 1 D8s-strings | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0. | |||||
CVE-2022-38882 | 1 D8s-json Project | 1 D8s-json | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-json for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-38884 | 1 D8s-grammars Project | 1 D8s-grammars | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-grammars for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-38883 | 1 D8s-math Project | 1 D8s-math | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-math for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-38881 | 1 D8s-archives Project | 1 D8s-archives | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-archives for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-38885 | 1 D8s-netstrings Project | 1 D8s-netstrings | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-netstrings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-38886 | 1 D8s-xml Project | 1 D8s-xml | 2022-09-21 | N/A | 9.8 CRITICAL |
The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0. | |||||
CVE-2022-38843 | 1 Espocrm | 1 Espocrm | 2022-09-17 | N/A | 8.8 HIGH |
EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload, allowing attackers to upload malicious files with any extension to the server. An attacker may execute these malicious files to run unintended code on the server and compromise it. | |||||
CVE-2022-38305 | 1 Aerocms Project | 1 Aerocms | 2022-09-17 | N/A | 8.8 HIGH |
AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-38323 | 1 Event Management System Project | 1 Event Management System | 2022-09-16 | N/A | 7.2 HIGH |
Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /Royal_Event/update_image.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2021-44426 | 1 Anydesk | 1 Anydesk | 2022-09-16 | N/A | 8.8 HIGH |
An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. An upload of an arbitrary file to a victim's local ~/Downloads/ directory is possible if the victim is using the AnyDesk Windows client to connect to a remote machine, if an attacker is also connected remotely with AnyDesk to the same remote machine. The upload is done without any approval or action taken by the victim. | |||||
CVE-2022-37140 | 1 Techvill | 1 Paymoney | 2022-09-16 | N/A | 8.0 HIGH |
PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists in the reply ticket function, where a malicious file can be uploaded. A calculator will open when the victim who downloaded the file opens the RTF file. | |||||
CVE-2022-36667 | 1 Garage Management System Project | 1 Garage Management System | 2022-09-16 | N/A | 8.8 HIGH |
Garage Management System 1.0 is vulnerable to Remote Code Execution (RCE) due to the lack of filtering in the file upload function. The vulnerability exists when adding parts, and from the upload function the attacker can upload a PHP reverse shell straight away to gain RCE. | |||||
CVE-2022-38296 | 1 Cuppacms | 1 Cuppacms | 2022-09-15 | N/A | 9.8 CRITICAL |
Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. | |||||
CVE-2022-3129 | 1 Online Driving School Project Project | 1 Online Driving School Project | 2022-09-12 | N/A | 9.8 CRITICAL |
A vulnerability was found in codeprojects Online Driving School. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registration.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-207872. | |||||
CVE-2020-21516 | 1 Feehi | 1 Feehicms | 2022-09-09 | N/A | 9.8 CRITICAL |
There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload that allows attackers to execute relevant PHP code. | |||||
CVE-2022-37184 | 1 Garage Management System Project | 1 Garage Management System | 2022-09-07 | N/A | 8.8 HIGH |
The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. An already authenticated malicious user can upload a dangerous RCE or LCE exploit file. |