Skip to main content
CVE-2018-7741 MEDIUM POC This Month

Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created parameter to the /crons URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eramba
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-7721 MEDIUM POC This Month

Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Metinfo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-7740 MEDIUM POC This Month

The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Denial Of Service Buffer Overflow Linux Kernel Virtualization Host +5
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2018-1000117 MEDIUM PATCH This Month

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Microsoft RCE Python Privilege Escalation
NVD GitHub
CVSS 3.1
6.7
EPSS
1.1%
CVE-2018-7564 MEDIUM This Month

Stored XSS exists on Polycom QDX 6000 devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Qdx 6000 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-7473 MEDIUM This Month

Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Sowifi Hotspot Firmware
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2018-1000119 MEDIUM PATCH This Month

Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

CSRF Rack Protection
NVD GitHub
CVSS 3.0
5.9
EPSS
2.5%
CVE-2018-7675 MEDIUM This Month

In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Sentinel
NVD
CVSS 3.0
5.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy