Skip to main content
CVE-2018-18925 CRITICAL POC PATCH THREAT Act Now

Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation RCE Gogs
NVD GitHub
CVSS 3.0
9.8
EPSS
31.9%
CVE-2018-18924 HIGH POC This Week

The image-upload feature in ProjeQtOr 7.2.5 allows remote attackers to execute arbitrary code by uploading a .shtml file with "#exec cmd" because rejected files remain on the server, with predictable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Projeqtor
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
9.5%
CVE-2018-18928 CRITICAL PATCH Act Now

International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow International Components For Unicode
NVD GitHub
CVSS 3.0
9.8
EPSS
2.9%
CVE-2018-18926 CRITICAL PATCH Act Now

Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation RCE Gitea
NVD GitHub
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-18927 MEDIUM POC This Month

An issue was discovered in PublicCMS V4.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Publiccms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-18919 MEDIUM POC This Month

The WP Editor.md plugin 10.0.1 for WordPress allows XSS via the comment area. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Editor Md
NVD GitHub
CVSS 3.0
4.8
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy