Skip to main content
CVE-2018-7443 MEDIUM POC This Month

The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
3.3%
CVE-2018-6868 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Groupon Clone Script
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-6867 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Alibaba Clone Script
NVD Exploit-DB GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-6866 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Learning And Examination Management System Script
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.5%
CVE-2018-1305 MEDIUM PATCH This Month

Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Tomcat Debian Linux Ubuntu Linux +3
NVD
CVSS 3.0
6.5
EPSS
14.7%
CVE-2018-0518 MEDIUM This Month

LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Apple Line
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2018-0519 MEDIUM This Month

Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fs010W Firmware
NVD
CVSS 3.0
4.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy