Skip to main content
CVE-2018-9137 MEDIUM POC This Month

Open-AudIT before 2.2 has CSV Injection. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Open Audit
NVD Exploit-DB
CVSS 3.0
6.8
EPSS
2.8%
CVE-2018-10224 MEDIUM POC This Month

An issue was discovered in YzmCMS 3.8. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Yzmcms
NVD GitHub
CVSS 3.0
6.8
EPSS
0.5%
CVE-2018-10223 MEDIUM POC This Month

An issue was discovered in YzmCMS 3.8. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Yzmcms
NVD GitHub
CVSS 3.0
6.8
EPSS
0.5%
CVE-2018-10230 MEDIUM POC This Month

Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zend Server
NVD
CVSS 3.0
6.1
EPSS
2.7%
CVE-2018-10227 MEDIUM POC This Month

MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Minicms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-10221 MEDIUM POC This Month

An issue was discovered in WUZHI CMS V4.1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhicms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-0275 MEDIUM This Month

A vulnerability in the support tunnel feature of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to access the device's shell. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Identity Services Engine
NVD
CVSS 3.0
6.7
EPSS
0.3%
CVE-2018-2845 MEDIUM PATCH This Month

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Oracle Denial Of Service Vm Virtualbox
NVD
CVSS 3.0
6.6
EPSS
0.4%
CVE-2018-2822 MEDIUM PATCH This Month

Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: Cluster Geo). Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Oracle Denial Of Service Authentication Bypass Solaris Cluster
NVD
CVSS 3.0
6.6
EPSS
0.4%
CVE-2018-0267 MEDIUM This Month

A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, local attacker to view sensitive data that should be restricted. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Communications Manager
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2018-0229 MEDIUM This Month

A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Denial Of Service Cisco Anyconnect Secure Mobility Client Adaptive Security Appliance Software
NVD
CVSS 3.0
6.5
EPSS
3.6%
CVE-2018-2861 MEDIUM PATCH This Month

Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Microsoft Denial Of Service Retail Back Office
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-2847 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Operations). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Hospitality Simphony
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-2823 MEDIUM PATCH This Month

Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Database). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Transportation Management
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-2819 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL MariaDB Ubuntu Linux +12
NVD
CVSS 3.1
6.5
EPSS
3.2%
CVE-2018-2817 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Ubuntu Linux Debian Linux +12
NVD
CVSS 3.1
6.5
EPSS
3.2%
CVE-2018-2805 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS Extension). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL
NVD
CVSS 3.0
6.5
EPSS
2.7%
CVE-2018-2784 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Ubuntu Linux MariaDB +5
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2018-2782 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Ubuntu Linux MariaDB +5
NVD
CVSS 3.1
6.5
EPSS
3.1%
CVE-2018-2780 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
3.0%
CVE-2018-2775 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
3.0%
CVE-2018-2758 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL
NVD
CVSS 3.0
6.5
EPSS
3.2%
CVE-2018-2747 MEDIUM PATCH This Month

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Banking Corporate Lending Banking Payments Flexcube Enterprise Limits And Collateral Management +2
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-2738 MEDIUM PATCH This Month

Vulnerability in the Oracle Retail Central Office component of Oracle Retail Applications (subcomponent: Security). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Microsoft Authentication Bypass Retail Central Office
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-2737 MEDIUM PATCH This Month

Vulnerability in the Oracle Retail Returns Management component of Oracle Retail Applications (subcomponent: Security). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Retail Returns Management
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-2587 MEDIUM PATCH This Month

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Oracle Authentication Bypass Access Manager Adaptive Access Manager
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2018-2852 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Hospitality Guest Access
NVD
CVSS 3.0
6.4
EPSS
0.8%
CVE-2018-2857 MEDIUM PATCH This Month

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Sun Zfs Storage Appliance Kit
NVD
CVSS 3.0
6.3
EPSS
1.4%
CVE-2018-2756 MEDIUM PATCH This Month

Vulnerability in the Oracle Communications Order and Service Management component of Oracle Communications Applications (subcomponent: WebUI). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Communications Order And Service Management
NVD
CVSS 3.0
6.3
EPSS
1.4%
CVE-2018-2793 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PsAdmin). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Pt Peopletools
NVD
CVSS 3.0
6.2
EPSS
0.5%
CVE-2018-0276 MEDIUM This Month

A vulnerability in Cisco WebEx Connect IM could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Webex Connect Im
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0251 MEDIUM This Month

A vulnerability in the Web Server Authentication Required screen of the Clientless Secure Sockets Layer (SSL) VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Adaptive Security Appliance Software
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-0242 MEDIUM This Month

A vulnerability in the WebVPN web-based management interface of Cisco Adaptive Security Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Adaptive Security Appliance Software
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-9861 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka image2) plugin for CKEditor (in versions 4.5.10 through 4.9.1; fixed in 4.9.2), as used in Drupal 8 before 8.4.7 and 8.5.x before. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enhanced Image Drupal
NVD GitHub
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-2878 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise HCM Shared Components component of Oracle PeopleSoft Products (subcomponent: Notepad). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Human Capital Management Shared Components
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-2859 MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach component of Oracle Financial Services Applications (subcomponent: Portfolio, Attribution). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Financial Services Basel Regulatory Capital Internal Ratings Based Approach
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-2854 MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Basel Regulatory Capital Basic component of Oracle Financial Services Applications (subcomponent: Portfolio, Attribution). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Financial Services Basel Regulatory Capital Basic
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-2838 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: EPPCM_HIER_TOP). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Prtl Interaction Hub
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-2821 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Rich Text Editor). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-2807 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Securities). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Flexcube Core Banking
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-2788 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-2748 MEDIUM PATCH This Month

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Banking Corporate Lending Banking Payments Flexcube Enterprise Limits And Collateral Management +2
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-2572 MEDIUM PATCH This Month

Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Agile Product Lifecycle Management For Process
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-2753 MEDIUM PATCH This Month

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Python modules). Rated medium severity (CVSS 6.0).

Oracle Authentication Bypass Python Solaris
NVD
CVSS 3.0
6.0
EPSS
0.5%
CVE-2018-0272 MEDIUM This Month

A vulnerability in the Secure Sockets Layer (SSL) Engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Cisco Firepower
NVD
CVSS 3.0
5.9
EPSS
1.3%
CVE-2018-2761 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Oracle Denial Of Service MySQL Debian Linux Ubuntu Linux +12
NVD
CVSS 3.1
5.9
EPSS
4.0%
CVE-2018-2760 MEDIUM PATCH This Month

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Oracle Authentication Bypass Http Server
NVD
CVSS 3.0
5.9
EPSS
2.1%
CVE-2018-0256 MEDIUM This Month

A vulnerability in the peer-to-peer message processing functionality of Cisco Packet Data Network Gateway could allow an unauthenticated, remote attacker to cause the Session Manager (SESSMGR). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Asr 5000 Series Software
NVD
CVSS 3.0
5.8
EPSS
1.6%
CVE-2018-0244 MEDIUM This Month

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy to drop the Server Message Block. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Threat Defense
NVD
CVSS 3.0
5.8
EPSS
1.2%
CVE-2018-0243 MEDIUM This Month

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy that is intended to drop the. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Firepower Threat Defense
NVD
CVSS 3.0
5.8
EPSS
1.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy