Skip to main content
CVE-2018-8801 MEDIUM POC This Month

GitLab Community and Enterprise Editions version 8.3 up to 10.x before 10.3 are vulnerable to SSRF in the Services and webhooks component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab SSRF
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-10374 MEDIUM POC This Month

EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) in an index.php?s=/index/search/index.html request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Easycms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10366 MEDIUM POC PATCH This Month

An issue was discovered in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS User
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
2.6%
CVE-2018-10372 MEDIUM POC This Month

process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Binutils Enterprise Linux Desktop +2
NVD
CVSS 3.0
5.5
EPSS
2.4%
CVE-2018-8716 MEDIUM POC THREAT This Month

WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Identity Server
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
39.3%
CVE-2018-10310 MEDIUM POC This Month

A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Cookie Consent
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
3.9%
CVE-2018-10368 MEDIUM POC This Month

An issue was discovered in WUZHI CMS 4.1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wuzhicms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-10367 MEDIUM POC This Month

An issue was discovered in WUZHI CMS 4.1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wuzhicms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-9102 MEDIUM This Month

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Mivoice Connect St 14 2
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-10373 MEDIUM This Month

concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Binutils Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
6.5
EPSS
3.5%
CVE-2018-9104 MEDIUM This Month

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Mivoice Connect St 14 2
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-9103 MEDIUM This Month

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Mivoice Connect St 14 2
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-9101 MEDIUM This Month

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 (21.84.5535.0) and earlier, and Mitel ST 14.2, versions GA27 (19.49.5200.0) and earlier, could allow an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Mivoice Connect St 14 2
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-10208 MEDIUM This Month

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise File Sharing
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-1339 MEDIUM PATCH This Month

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Tika
NVD
CVSS 3.0
5.5
EPSS
2.6%
CVE-2018-1338 MEDIUM PATCH This Month

A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Tika
NVD
CVSS 3.0
5.5
EPSS
2.0%
CVE-2018-10213 MEDIUM This Month

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Enterprise File Sharing
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-10212 MEDIUM This Month

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise File Sharing
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-10209 MEDIUM This Month

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Enterprise File Sharing
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-10206 MEDIUM This Month

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Enterprise File Sharing
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-1363 MEDIUM PATCH This Month

IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Jazz Reporting Service
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-10211 MEDIUM This Month

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise File Sharing
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-10210 MEDIUM This Month

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enterprise File Sharing
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-10207 MEDIUM This Month

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise File Sharing
NVD
CVSS 3.0
5.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy