Skip to main content
CVE-2018-7997 MEDIUM POC This Month

Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file inclusion tab of the /importTool/preview URI, with a CSV file polluted with malicious JavaScript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eramba
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-7996 MEDIUM POC This Month

Eramba e1.0.6.033 has Stored XSS on the tooltip box via the /programScopes description parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eramba
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-7894 MEDIUM POC This Month

Eramba e1.0.6.033 has Reflected XSS in reviews/filterIndex/ThirdPartyRiskReview via the advanced_filter parameter (aka the Search Parameter). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eramba
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-0547 MEDIUM This Month

Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.7 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Wp All Import
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-0546 MEDIUM This Month

Cross-site scripting vulnerability in WP All Import plugin prior to version 3.4.6 for WordPress allows an attacker to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Wp All Import
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-1071 MEDIUM This Month

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Stack Overflow Zsh Debian Linux +4
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2018-7290 MEDIUM PATCH This Month

Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, and 18.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tikiwiki Cms Groupware
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-7227 MEDIUM PATCH This Month

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow retrieving of specially crafted URLs without authentication that. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Schneider Electric Authentication Bypass Mps110 1 Firmware Imps110 1Er Firmware Ibps110 1Er Firmware +17
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2018-7537 MEDIUM PATCH This Month

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Ubuntu Linux Django Debian Linux
NVD
CVSS 3.0
5.3
EPSS
4.6%
CVE-2018-7536 MEDIUM PATCH This Month

An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Ubuntu Linux Django Debian Linux +1
NVD GitHub
CVSS 3.0
5.3
EPSS
4.8%
CVE-2018-0525 MEDIUM PATCH This Month

Directory traversal vulnerability in Jubatus 1.0.2 and earlier allows remote attackers to read arbitrary files via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Jubatus
NVD GitHub
CVSS 3.0
5.3
EPSS
2.5%
CVE-2018-7995 MEDIUM PATCH This Month

Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Linux Linux Kernel Ubuntu Linux +1
NVD
CVSS 3.0
4.7
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy