Every CVE whose affected-product data names Zkea Zkeacms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2025-52239 — CVSS 9.8 (critical): An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file.
CVE-2020-20670 — CVSS 8.8 (high): An arbitrary file upload vulnerability in /admin/media/upload of ZKEACMS V3.2.0 allows attackers to execute arbitrary code via a crafted…
CVE-2025-10764 — CVSS 6.3 (medium): A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers…
CVE-2025-10471 — CVSS 6.3 (medium): A vulnerability was detected in ZKEACMS 4.3. Impacted is the function Proxy of the file src/ZKEACMS/Controllers/MediaController.cs…
CVE-2022-29362 — CVSS 5.4 (medium): A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web…
CVE-2025-10765 — CVSS 4.7 (medium): A security flaw has been discovered in SeriaWei ZKEACMS up to 4.3. This vulnerability affects the function CheckPage/Suggestions in the…
CVE-2025-10766 — CVSS 4.3 (medium): A weakness has been identified in SeriaWei ZKEACMS up to 4.3. This issue affects the function Download of the file EventViewerController.cs…