Skip to main content
CVE-2018-9304 MEDIUM POC This Month

In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Exiv2
NVD GitHub
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-9303 MEDIUM POC This Month

In Exiv2 0.26, an assertion failure in BigTiffImage::readData in bigtiffimage.cpp results in an abort. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Exiv2
NVD GitHub
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-8814 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 allows remote attackers to hijack the authentication of users for requests that modify plugin/[pluginname]/settings by crafting a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Wolf Cms
NVD GitHub Exploit-DB
CVSS 3.0
6.5
EPSS
3.2%
CVE-2018-9252 MEDIUM POC This Month

JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jasper
NVD GitHub
CVSS 3.0
6.5
EPSS
2.1%
CVE-2018-9307 MEDIUM POC This Month

dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.php/home/predeposit/index.html. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dsmall
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-9238 MEDIUM POC This Month

proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yahei Php Prober
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-9235 MEDIUM POC This Month

iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Sonicbb
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.6%
CVE-2018-9034 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Relevanssi
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
2.0%
CVE-2018-9237 MEDIUM POC This Month

iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Easycreate
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.9%
CVE-2018-9236 MEDIUM POC This Month

iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Easycreate
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.9%
CVE-2018-9115 MEDIUM POC This Month

Systematic SitaWare 6.4 SP2 does not validate input from other sources sufficiently. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sitaware
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
6.0%
CVE-2018-8719 MEDIUM POC THREAT This Month

An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress Information Disclosure Wp Security Audit Log
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
15.8%
CVE-2018-9251 MEDIUM POC This Month

The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Libxml2 Debian Linux
NVD
CVSS 3.0
5.3
EPSS
2.4%
CVE-2018-8813 MEDIUM POC This Month

Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Wolf Cms
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
3.4%
CVE-2018-9119 MEDIUM This Month

An attacker with physical access to a BrilliantTS FUZE card (MCU firmware 0.1.73, BLE firmware 0.7.4) can unlock the card, extract credit card numbers, and tamper with data on the card via Bluetooth. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fuze Card Ble Firmware Fuze Card Mcu Firmware
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2018-1081 MEDIUM PATCH This Month

A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.1
5.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy