Skip to main content
CVE-2018-18925 CRITICAL POC PATCH THREAT Act Now

Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation RCE Gogs
NVD GitHub
CVSS 3.0
9.8
EPSS
31.9%
CVE-2018-18928 CRITICAL PATCH Act Now

International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow International Components For Unicode
NVD GitHub
CVSS 3.0
9.8
EPSS
2.9%
CVE-2018-18926 CRITICAL PATCH Act Now

Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Session Fixation RCE Gitea
NVD GitHub
CVSS 3.0
9.8
EPSS
3.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy