← Back
CWE-434

4,107 CVEs • Abstraction: Base • Likelihood of Exploit: Medium

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

JSON object

Loading...

CVEs (4,107)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-42044
1Democritus
1D8s Asns
Jun 17, 2026
Oct 11, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0.
CVE-2022-42043
1Democritus
1D8s Xml
Jun 17, 2026
Oct 11, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0.
CVE-2022-42040
1Democritus
1D8s Algorithms
Jun 17, 2026
Oct 11, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0.
CVE-2022-42039
1Democritus
1D8s Lists
Jun 17, 2026
Oct 11, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0.
CVE-2022-42038
1Democritus
1D8s Ip Addresses
Jun 17, 2026
Oct 11, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.
CVE-2022-42037
1Democritus
1D8s Asns
Jun 17, 2026
Oct 11, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.
CVE-2022-42036
1Democritus
1D8s Urls
Jun 17, 2026
Oct 11, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0.
CVE-2022-41387
1Democritus
1D8s Pdfs
Jun 17, 2026
Oct 11, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.
CVE-2022-41386
1Democritus
1D8s Utility
Jun 17, 2026
Oct 11, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.
CVE-2022-41385
1Democritus
1D8s Html
Jun 17, 2026
Oct 11, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.
CVE-2022-41384
1Democritus
1D8s Domains
Jun 17, 2026
Oct 11, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.
CVE-2022-41383
1Democritus
1D8s Archives
Jun 17, 2026
Oct 11, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.
CVE-2022-41382
1Democritus
1D8s Json
Jun 17, 2026
Oct 11, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.
CVE-2022-41381
1Democritus
1D8s Utility
Jun 17, 2026
Oct 11, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.
CVE-2022-41380
1Democritus
1D8s Yaml
Jun 17, 2026
Oct 11, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.
CVE-2022-42229
1Wedding Planner Project
1Wedding Planner
Jun 17, 2026
Oct 11, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
Wedding Planner v1.0 is vulnerable to Arbitrary code execution via package_edit.php.
CVE-2022-42034
1Wedding Planner Project
1Wedding Planner
Jun 17, 2026
Oct 11, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php.
CVE-2022-3436
1Web Based Student Clearance System Project
1Web Based Student Clearance System
Jun 17, 2026
Oct 9, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Photo Hand...Show more
A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-210367.Show less
CVE-2022-41379
1Online Leave Management System Project
1Online Leave Management System
Jun 17, 2026
Oct 7, 2022
N/A· v4
7.2 HIGH· v3
N/A· v2
An arbitrary file upload vulnerability in the component /leave_system/classes/Users.php?f=save of Online Leave Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-42092
1Backdropcms
1Backdrop Cms
Jun 17, 2026
Oct 7, 2022
N/A· v4
7.2 HIGH· v3
N/A· v2
Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'themes' that allows attackers to Remote Code Execution. Note: Third parties dispute this and argue that advanced permissions are required.