Skip to main content
CVE-2018-10572 MEDIUM POC PATCH This Month

interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass PHP Openemr
NVD GitHub
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-10554 MEDIUM POC This Month

An issue was discovered in Nagios XI 5.4.13. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS PHP Nagios Xi
NVD
CVSS 3.0
5.4
EPSS
2.7%
CVE-2018-10570 MEDIUM POC This Month

Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Frogcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-1277 MEDIUM This Month

Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Docker Garden Runc Cf Deployment
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-1389 MEDIUM This Month

IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated LoopBack APIs for a Model using the BelongsTo/HasMany relationship allowing unauthorized modification of information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Api Connect
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-10553 MEDIUM This Month

An issue was discovered in Nagios XI 5.4.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal PHP Nagios Xi
NVD
CVSS 3.0
6.5
EPSS
39.5%
CVE-2018-10571 MEDIUM PATCH This Month

Multiple reflected cross-site scripting (XSS) vulnerabilities in OpenEMR before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) patient parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Openemr
NVD GitHub
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-0711 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Qnap Qts
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-10364 MEDIUM PATCH This Month

BigTree before 4.2.22 has XSS in the Users management page via the name or company field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Bigtree Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-1430 MEDIUM This Month

IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Api Connect
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-1000172 MEDIUM This Month

Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nextgen Gallery
NVD
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-7901 MEDIUM This Month

RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Alp Al00B Firmware Bla Al00B Firmware
NVD
CVSS 3.0
4.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy