Skip to main content
CVE-2018-6870 MEDIUM POC This Month

Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 via the Listings Search feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Website Seller Script
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10068 MEDIUM POC PATCH This Month

The jDownloads extension before 3.2.59 for Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jdownloads
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
4.1%
CVE-2018-10072 MEDIUM POC This Month

windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a 0x953827bf DeviceIoControl call. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Windriver
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-10071 MEDIUM POC This Month

windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a 0x953826DB DeviceIoControl call. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Windriver
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-0975 MEDIUM POC PATCH This Month

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
3.0%
CVE-2018-0974 MEDIUM POC PATCH This Month

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
3.6%
CVE-2018-0973 MEDIUM POC PATCH This Month

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
3.6%
CVE-2018-0972 MEDIUM POC PATCH This Month

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
3.6%
CVE-2018-0971 MEDIUM POC PATCH This Month

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
3.6%
CVE-2018-0970 MEDIUM POC PATCH This Month

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
3.6%
CVE-2018-0969 MEDIUM POC PATCH This Month

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
3.6%
CVE-2018-0968 MEDIUM POC PATCH This Month

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
3.7%
CVE-2018-6935 MEDIUM POC This Month

PHP Scripts Mall Student Profile Management System Script v2.0.6 has XSS via the Name field to list_student.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Student Profile Management System Script
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-6904 MEDIUM POC This Month

PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Car Rental Script
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-6902 MEDIUM POC This Month

PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Image Sharing Script
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-6900 MEDIUM POC This Month

PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name field on the My Profile page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Website Broker Script
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-10061 MEDIUM POC This Month

Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cacti Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2018-10060 MEDIUM POC This Month

Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cacti Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2018-10059 MEDIUM POC This Month

Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cacti
NVD GitHub
CVSS 3.0
5.4
EPSS
1.2%
CVE-2018-9155 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.2%
CVE-2018-9842 MEDIUM POC THREAT This Month

CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp Information Disclosure Password Vault
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
14.1%
CVE-2018-10073 MEDIUM POC This Month

joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Joyplus Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-8117 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required.

Authentication Bypass Microsoft Wireless Keyboard 850
NVD
CVSS 3.0
6.8
EPSS
1.2%
CVE-2018-1079 MEDIUM This Month

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Path Traversal Pacemaker Command Line Interface Enterprise Linux
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-0950 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Office Office Compatibility Pack Word
NVD
CVSS 3.0
6.5
EPSS
9.0%
CVE-2018-0964 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V. Rated medium severity (CVSS 6.1).

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-10074 MEDIUM PATCH This Month

The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-8116 MEDIUM PATCH This Month

A denial of service vulnerability exists in the way that Windows handles objects in memory, aka "Microsoft Graphics Component Denial of Service Vulnerability." This affects Windows 7, Windows Server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-0960 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.5
EPSS
1.9%
CVE-2018-0887 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.5
EPSS
1.9%
CVE-2018-1034 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Sharepoint Enterprise Server
NVD
CVSS 3.0
5.4
EPSS
2.2%
CVE-2018-1032 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Sharepoint Enterprise Server
NVD
CVSS 3.0
5.4
EPSS
2.2%
CVE-2018-1014 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Sharepoint Enterprise Server
NVD
CVSS 3.0
5.4
EPSS
2.2%
CVE-2018-1005 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Sharepoint Enterprise Server
NVD
CVSS 3.0
5.4
EPSS
2.2%
CVE-2018-1007 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Office
NVD
CVSS 3.0
5.3
EPSS
6.6%
CVE-2018-1000 MEDIUM PATCH This Month

An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Information Disclosure Buffer Overflow Internet Explorer
NVD
CVSS 3.0
5.3
EPSS
7.5%
CVE-2018-0981 MEDIUM PATCH This Month

An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Information Disclosure Buffer Overflow Internet Explorer
NVD
CVSS 3.0
5.3
EPSS
6.5%
CVE-2018-0976 MEDIUM PATCH This Month

A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka "Windows Remote Desktop. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Microsoft Denial Of Service Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.3
EPSS
4.7%
CVE-2018-0967 MEDIUM PATCH This Month

A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps, aka "Windows SNMP Service Denial of Service Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Microsoft Denial Of Service Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.3
EPSS
18.7%
CVE-2018-0957 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V. Rated medium severity (CVSS 5.3).

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +2
NVD
CVSS 3.0
5.3
EPSS
1.6%
CVE-2018-0890 MEDIUM PATCH This Month

A security feature bypass vulnerability exists when Active Directory incorrectly applies Network Isolation settings, aka "Active Directory Security Feature Bypass Vulnerability." This affects Windows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Authentication Bypass Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.3
EPSS
4.3%
CVE-2018-1037 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Microsoft Information Disclosure Visual Studio Visual Studio 2017
NVD
CVSS 3.0
4.3
EPSS
5.9%
CVE-2018-0998 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
4.3
EPSS
5.6%
CVE-2018-0989 MEDIUM PATCH This Month

An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Information Disclosure Buffer Overflow Internet Explorer
NVD
CVSS 3.0
4.3
EPSS
5.4%
CVE-2018-0987 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Internet Explorer
NVD
CVSS 3.0
4.3
EPSS
6.2%
CVE-2018-0892 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
4.3
EPSS
5.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy