Skip to main content
CVE-2018-10680 MEDIUM POC This Month

Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Z Blogphp
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0285 MEDIUM This Month

A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Prime Service Catalog
NVD
CVSS 3.0
6.5
EPSS
2.7%
CVE-2018-0278 MEDIUM This Month

A vulnerability in the management console of Cisco Firepower System Software could allow an unauthenticated, remote attacker to access sensitive data about the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Secure Firewall Management Center
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2018-8900 MEDIUM This Month

The License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote attackers to inject malicious web script in the logs page of Admin. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sentinel Ldk Rte
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-10568 MEDIUM This Month

XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Disksorter
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10567 MEDIUM This Month

XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vx Search
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10566 MEDIUM This Month

XSS exists in Flexense DupScout Enterprise from v10.0.18 to v10.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dupscout
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10565 MEDIUM This Month

XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Disksavvy
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10564 MEDIUM This Month

XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Diskpulse
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10563 MEDIUM This Month

An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Syncbreeze
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10294 MEDIUM This Month

Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Diskboss
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10665 MEDIUM PATCH This Month

ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to shib_logout.php and third-party demo files. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Ilias
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-0283 MEDIUM This Month

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Secure Firewall Management Center
NVD
CVSS 3.0
5.8
EPSS
1.4%
CVE-2018-0281 MEDIUM This Month

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to restart an instance of the Snort detection engine on an affected device,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Secure Firewall Management Center
NVD
CVSS 3.0
5.8
EPSS
1.4%
CVE-2018-5518 MEDIUM This Month

On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Rated medium severity (CVSS 5.4). No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.0
5.4
EPSS
0.4%
CVE-2018-0288 MEDIUM This Month

A vulnerability in Cisco WebEx Recording Format (WRF) Player could allow an unauthenticated, remote attacker to access sensitive data about the application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Webex Meetings Online
NVD
CVSS 3.1
5.3
EPSS
2.6%
CVE-2018-0286 MEDIUM This Month

A vulnerability in the netconf interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on affected system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xr
NVD
CVSS 3.1
5.3
EPSS
3.3%
CVE-2018-0245 MEDIUM This Month

A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to view system information that under normal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Wireless Lan Controller Software
NVD
CVSS 3.1
5.3
EPSS
2.3%
CVE-2018-5519 MEDIUM This Month

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.0
4.9
EPSS
1.0%
CVE-2018-0247 MEDIUM This Month

A vulnerability in Web Authentication (WebAuth) clients for the Cisco Wireless LAN Controller (WLC) and Aironet Access Points running Cisco IOS Software could allow an unauthenticated, adjacent. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple Wireless Lan Controller Software Aironet Access Point Software
NVD
CVSS 3.0
4.7
EPSS
0.9%
CVE-2018-5516 MEDIUM This Month

On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +13
NVD
CVSS 3.0
4.7
EPSS
0.3%
CVE-2018-5520 MEDIUM This Month

On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.0
4.4
EPSS
1.0%
CVE-2018-5515 MEDIUM This Month

On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.0
4.4
EPSS
3.2%
CVE-2018-0249 MEDIUM This Month

A vulnerability when handling incoming 802.11 Association Requests for Cisco Aironet 1800 Series Access Point (APs) on Qualcomm Atheros (QCA) based hardware platforms could allow an unauthenticated,. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qualcomm Cisco Aironet Access Point Software
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2018-1468 MEDIUM PATCH This Month

IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Api Connect
NVD
CVSS 3.0
4.3
EPSS
1.0%
CVE-2018-0250 MEDIUM This Month

A vulnerability in Central Web Authentication (CWA) with FlexConnect Access Points (APs) for Cisco Aironet 1560, 1810, 1810w, 1815, 1830, 1850, 2800, and 3800 Series APs could allow an authenticated,. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Aironet Access Point Software
NVD
CVSS 3.0
4.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy