Skip to main content
CVE-2018-8967 CRITICAL POC Act Now

An issue was discovered in zzcms 8.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Zzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2018-8972 HIGH POC This Week

Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Cwcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-8969 HIGH POC This Week

An issue was discovered in zzcms 8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Zzcms
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2018-8968 HIGH POC This Week

An issue was discovered in zzcms 8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Zzcms
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2018-8966 HIGH POC This Week

An issue was discovered in zzcms 8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Zzcms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2018-8965 HIGH POC This Week

An issue was discovered in zzcms 8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Zzcms
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2018-8973 MEDIUM POC This Month

OTCMS 3.20 allows XSS by adding a keyword or link to an article, as demonstrated by an admin/keyWord_deal.php?mudi=add request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Otcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-8971 CRITICAL Act Now

The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure Debian Linux
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-8970 HIGH PATCH This Week

The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Libressl
NVD GitHub
CVSS 3.0
7.4
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy