Search Results (4169 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41387 | 1 Democritus | 1 D8s-pdfs | 2025-05-20 | 9.8 Critical |
| The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. | ||||
| CVE-2022-41386 | 1 Democritus | 1 D8s-utility | 2025-05-20 | 9.8 Critical |
| The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. | ||||
| CVE-2022-41382 | 1 Democritus | 1 D8s-json | 2025-05-20 | 9.8 Critical |
| The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | ||||
| CVE-2022-41381 | 1 Democritus | 1 D8s-utility | 2025-05-20 | 9.8 Critical |
| The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | ||||
| CVE-2022-41380 | 1 Democritus | 1 D8s-yaml | 2025-05-20 | 9.8 Critical |
| The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | ||||
| CVE-2022-29623 | 1 Connect-multiparty Project | 1 Connect-multiparty | 2025-05-20 | 7.8 High |
| An arbitrary file upload vulnerability in the file upload module of Express Connect-Multiparty 2.2.0 allows attackers to execute arbitrary code via a crafted PDF file. NOTE: the Supplier has not verified this vulnerability report. | ||||
| CVE-2022-42229 | 1 Wedding Planner Project | 1 Wedding Planner | 2025-05-19 | 8.8 High |
| Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php. | ||||
| CVE-2022-42044 | 1 Democritus | 1 D8s-asns | 2025-05-19 | 9.8 Critical |
| The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. | ||||
| CVE-2022-42043 | 1 Democritus | 1 D8s-xml | 2025-05-19 | 9.8 Critical |
| The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. | ||||
| CVE-2022-42040 | 1 Democritus | 1 D8s-algorithms | 2025-05-19 | 9.8 Critical |
| The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | ||||
| CVE-2022-42039 | 1 Democritus | 1 D8s-lists | 2025-05-19 | 9.8 Critical |
| The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. | ||||
| CVE-2022-42038 | 1 Democritus | 1 D8s-ip-addresses | 2025-05-19 | 9.8 Critical |
| The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | ||||
| CVE-2024-42180 | 1 Hcltech | 1 Dryice Myxalytics | 2025-05-16 | 1.6 Low |
| HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute malicious files. | ||||
| CVE-2024-24393 | 1 Oaooa | 1 Pichome | 2025-05-15 | 9.8 Critical |
| File Upload vulnerability index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request. | ||||
| CVE-2023-40265 | 1 Mitel | 1 Unify Openscape Xpressions Webassistant | 2025-05-15 | 8.8 High |
| An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload. | ||||
| CVE-2024-24754 | 1 Mnapoli | 1 Bref | 2025-05-15 | 3.7 Low |
| Bref enables serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content added in the `$files` or `$parsedBody` arrays. The conversion process produces a different output compared to the one of plain PHP when keys ending with an open square bracket ([) are used. Based on the application logic the difference in the body parsing might lead to vulnerabilities and/or undefined behaviors. This vulnerability is patched in 2.1.13. | ||||
| CVE-2023-6675 | 1 Nationalkeep | 1 Cybermath | 2025-05-15 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security Services CyberMath allows Upload a Web Shell to a Web Server. This issue affects CyberMath: from v.1.4 before v.1.5. | ||||
| CVE-2022-41537 | 1 Online Tours & Travels Management System Project | 1 Online Tours & Travels Management System | 2025-05-15 | 7.2 High |
| Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /user_operations/profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-41534 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-15 | 7.2 High |
| Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-41533 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-15 | 7.2 High |
| Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||