Skip to main content
CVE-2018-10177 MEDIUM POC This Month

In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGImage function of the coders/png.c file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
3.2%
CVE-2018-10138 MEDIUM POC This Month

The CATALooK.netStore module through 7.2.8 for DNN (formerly DotNetNuke) allows XSS via the /ViewEditGoogleMaps.aspx PortalID or CATSkin parameter, or the /ImageViewer.aspx link or desc parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netstore
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10136 MEDIUM POC This Month

iScripts UberforX 2.2 has Stored XSS in the "manage_settings" section of the Admin Panel via a value field to the /cms?section=manage_settings&action=edit URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Uberforx
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10135 MEDIUM POC This Month

iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Eswap
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10108 MEDIUM POC This Month

D-Link DIR-815 REV. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP Dir 815 Firmware
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-10107 MEDIUM POC This Month

D-Link DIR-815 REV. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link PHP Dir 815 Firmware
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-10097 MEDIUM POC This Month

XSS exists in Domain Trader 2.5.3 via the recoverlogin.php email_address parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domain Trader
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-10124 MEDIUM POC PATCH This Month

The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Denial Of Service Buffer Overflow Linux Kernel Debian Linux +1
NVD GitHub
CVSS 3.0
5.5
EPSS
0.6%
CVE-2018-10121 MEDIUM POC This Month

plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the title section of an. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Monstra
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-10118 MEDIUM POC This Month

Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Monstra
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
2.9%
CVE-2018-10109 MEDIUM POC This Month

Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monstra
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
2.2%
CVE-2018-0560 MEDIUM This Month

Hatena Bookmark App for iOS Version 3.0 to 3.70 allows remote attackers to spoof the address bar via vectors related to URL display. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Hatena Bookmark
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-10128 MEDIUM This Month

An issue was discovered in XYHCMS 3.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Xyhcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10102 MEDIUM PATCH This Month

Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
5.3%
CVE-2018-10101 MEDIUM PATCH This Month

Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

WordPress Open Redirect Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
3.3%
CVE-2018-10100 MEDIUM PATCH This Month

Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

WordPress Open Redirect Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
3.4%
CVE-2018-0737 MEDIUM This Month

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

OpenSSL Information Disclosure Ubuntu Linux
NVD
CVSS 3.0
5.9
EPSS
12.0%
CVE-2018-0551 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-0549 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1000170 MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-1000169 MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure
NVD
CVSS 3.0
5.3
EPSS
1.4%
CVE-2018-0533 MEDIUM This Month

Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.0
4.9
EPSS
1.4%
CVE-2018-9169 MEDIUM This Month

Z-BlogPHP 1.5.1 has XSS via the zb_users/plugin/AppCentre/plugin_edit.php app_id parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF XSS PHP Z Blogphp
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-5382 MEDIUM PATCH This Month

The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Bc Java Satellite Satellite Capsule
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2018-0550 MEDIUM This Month

Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabinet" via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.0
4.3
EPSS
1.0%
CVE-2018-0548 MEDIUM This Month

Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of "Space" via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-0531 MEDIUM This Month

Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.0
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy