Skip to main content
CVE-2018-3838 MEDIUM POC This Month

An exploitable information vulnerability exists in the XCF image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Sdl Image Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2018-9038 MEDIUM POC This Month

Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Monstra
NVD GitHub Exploit-DB
CVSS 3.0
6.5
EPSS
9.8%
CVE-2018-9985 MEDIUM POC This Month

The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Metinfo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-8772 MEDIUM POC This Month

Coship RT3052 4.0.0.48 devices allow XSS via a crafted SSID field on the "Wireless Setting - Basic" screen. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rt3052 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-9996 MEDIUM POC This Month

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Binutils
NVD
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-3837 MEDIUM POC This Month

An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2_image-2.0.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Sdl Image Debian Linux Starwind Virtual San
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2018-9925 MEDIUM POC This Month

An issue was discovered in idreamsoft iCMS through 7.0.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Icms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-9922 MEDIUM POC This Month

An issue was discovered in idreamsoft iCMS through 7.0.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Icms
NVD GitHub
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-9993 MEDIUM POC This Month

YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yunucms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-9840 MEDIUM PATCH This Month

The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Apple Signal
NVD GitHub
CVSS 3.0
6.8
EPSS
0.4%
CVE-2018-2403 MEDIUM This Month

Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Disclosure Management
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-9928 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Metinfo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-2410 MEDIUM This Month

SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Business One
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-2405 MEDIUM This Month

SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Solution Manager
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-2406 MEDIUM This Month

Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Path Traversal Crystal Reports Server
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2018-5227 MEDIUM This Month

Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian XSS Application Links
NVD
CVSS 3.0
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy