Skip to main content
CVE-2018-10312 HIGH POC This Week

index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Wuzhicms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-3836 HIGH POC This Week

An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Leptonica Debian Linux
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2018-10311 MEDIUM POC This Month

A vulnerability was discovered in WUZHI CMS 4.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhicms
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
2.6%
CVE-2018-10305 CRITICAL Act Now

The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Simple Machines Forum
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-6491 CRITICAL Act Now

Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ucmdb Configuration Manager
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2018-10323 MEDIUM POC PATCH This Month

The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Ubuntu Linux +1
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2018-10322 MEDIUM POC PATCH This Month

The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Virtualization Host +3
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-10316 MEDIUM POC This Month

Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Netwide Assembler
NVD
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-10313 MEDIUM POC This Month

WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Wuzhicms
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
2.2%
CVE-2018-10309 MEDIUM POC This Month

The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Responsive Cookie Consent
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
2.9%
CVE-2018-7932 HIGH This Week

Huawei AppGallery versions before 8.0.4.301 has an arbitrary Javascript running vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Appgallery
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2018-10321 MEDIUM POC This Month

Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Frogcms
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
1.9%
CVE-2018-10320 MEDIUM POC This Month

Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Frogcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-10319 MEDIUM POC This Month

Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] parameter, aka Edit Snippet. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Frogcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-10318 MEDIUM POC This Month

Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Frogcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-4832 HIGH This Week

A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All versions), OpenPCS 7 V8.0 (All versions), OpenPCS 7 V8.1 (All versions < V8.1 Upd5), OpenPCS 7 V8.2 (All versions), OpenPCS 7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openpcs 7 Simatic Batch Simatic Net Pc Simatic Pcs 7 +5
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2018-10328 HIGH This Week

Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Momentum Axel 720P Firmware
NVD
CVSS 3.0
7.4
EPSS
0.6%
CVE-2018-7751 MEDIUM PATCH This Month

The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ffmpeg
NVD
CVSS 3.0
6.5
EPSS
2.4%
CVE-2018-1059 MEDIUM This Month

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Ubuntu Linux Ceph Storage Enterprise Linux Fast Datapath Openshift +5
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-5228 MEDIUM This Month

The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian XSS Fisheye Crucible
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-10329 MEDIUM This Month

app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Phpipam
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-7931 MEDIUM This Month

Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism bypass vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Appgallery
NVD
CVSS 3.0
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy