Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-26 | CVE-2018-11501 | Cross-site Scripting vulnerability in Website Seller Script Project Website Seller Script 2.0.3: PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS. | 8.8 |
2018-05-26 | CVE-2018-11500 | Cross-Site Request Forgery (CSRF) vulnerability in Publiccms 4.0.20180210: An issue was discovered in PublicCMS V4.0.20180210. | 8.8 |
2018-05-26 | CVE-2018-11498 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lizard Project Lizard and LZ5: In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). | 7.8 |
2018-05-26 | CVE-2018-11494 | Unrestricted Upload of File with Dangerous Type vulnerability in Opencart: The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code']. | 8.0 |
2018-05-26 | CVE-2018-11493 | Cross-Site Request Forgery (CSRF) vulnerability in Wuzhicms Wuzhi CMS 4.1.0: An issue was discovered in WUZHI CMS 4.1.0. | 8.8 |
2018-05-26 | CVE-2018-11490 | Improper Validation of Array Index vulnerability in multiple products: The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. | 8.8 |
2018-05-26 | CVE-2018-11489 | Improper Validation of Array Index vulnerability in multiple products: The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. | 8.8 |
2018-05-25 | CVE-2018-11479 | Improper Input Validation vulnerability in Windscribe 1.81: The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. | 7.8 |
2018-05-25 | CVE-2018-11475 | Session Fixation vulnerability in Monstra 3.0.4: Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. | 8.0 |
2018-05-25 | CVE-2018-11474 | Session Fixation vulnerability in Monstra 3.0.4: Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. | 8.0 |