Total
3290 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44053 | 1 Democritus | 1 D8s-networking | 2025-05-05 | N/A | 9.8 CRITICAL |
| The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-user-agents package. The affected version of d8s-htm is 0.1.0. | |||||
| CVE-2022-44052 | 1 Democritus | 1 D8s-dates | 2025-05-05 | N/A | 9.8 CRITICAL |
| The d8s-dates for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-timezones package. The affected version of d8s-htm is 0.1.0. | |||||
| CVE-2022-44051 | 1 Democritus | 1 D8s-stats | 2025-05-05 | N/A | 9.8 CRITICAL |
| The d8s-stats for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-math package. The affected version of d8s-htm is 0.1.0. | |||||
| CVE-2022-44050 | 1 Democritus | 1 D8s-networking | 2025-05-05 | N/A | 9.8 CRITICAL |
| The d8s-networking for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-json package. The affected version of d8s-htm is 0.1.0. | |||||
| CVE-2022-44049 | 1 Democritus | 1 D8s-python | 2025-05-05 | N/A | 9.8 CRITICAL |
| The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-grammars package. The affected version of d8s-htm is 0.1.0. | |||||
| CVE-2022-44048 | 1 Democritus | 1 D8s-urls | 2025-05-05 | N/A | 9.8 CRITICAL |
| The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-domains package. The affected version of d8s-htm is 0.1.0. | |||||
| CVE-2022-43306 | 1 Democritus | 1 D8s-timer | 2025-05-05 | N/A | 8.8 HIGH |
| The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-dates package. The affected version of d8s-htm is 0.1.0. | |||||
| CVE-2022-43305 | 1 Democritus | 1 D8s-python | 2025-05-05 | N/A | 9.8 CRITICAL |
| The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0. | |||||
| CVE-2022-43304 | 1 Democritus | 1 D8s-timer | 2025-05-05 | N/A | 9.8 CRITICAL |
| The d8s-timer for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0. | |||||
| CVE-2022-43303 | 1 Democritus | 1 D8s-strings | 2025-05-05 | N/A | 9.8 CRITICAL |
| The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-uuids package. The affected version of d8s-htm is 0.1.0. | |||||
| CVE-2022-43050 | 1 Online Tours And Travels Management System Project | 1 Online Tours And Travels Management System | 2025-05-05 | N/A | 7.2 HIGH |
| Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-43085 | 1 Codeastro | 1 Restaurant Pos System | 2025-05-05 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in add_product.php of Restaurant POS System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-43083 | 1 Vehicle Booking System Project | 1 Vehicle Booking System | 2025-05-05 | N/A | 7.2 HIGH |
| An arbitrary file upload vulnerability in admin-add-vehicle.php of Vehicle Booking System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-43061 | 1 Online Tours \& Travels Management System Project | 1 Online Tours \& Travels Management System | 2025-05-05 | N/A | 7.2 HIGH |
| Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component /operations/travellers.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-27562 | 2025-05-02 | N/A | 4.6 MEDIUM | ||
| Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications. | |||||
| CVE-2025-0520 | 2025-05-02 | N/A | N/A | ||
| An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7. | |||||
| CVE-2022-42449 | 2025-05-02 | N/A | 4.6 MEDIUM | ||
| Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications | |||||
| CVE-2024-11390 | 2025-05-02 | N/A | 5.4 MEDIUM | ||
| Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices. | |||||
| CVE-2025-25016 | 2025-05-02 | N/A | 4.3 MEDIUM | ||
| Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation. | |||||
| CVE-2022-3537 | 1 Addify | 1 Role Based Pricing For Woocommerce | 2025-05-01 | N/A | 8.8 HIGH |
| The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 does not have authorisation and proper CSRF checks, and does not validate files to be uploaded, allowing any authenticated users like subscriber to upload arbitrary files, such as PHP | |||||