Skip to main content
CVE-2018-11096 MEDIUM POC This Month

Horse Market Sell & Rent Portal Script 1.5.7 has a CSRF vulnerability through which an attacker can change all of the target's account information remotely. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Horse Market Sell Rent Portal
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-11092 MEDIUM POC PATCH This Month

An issue was discovered in the Admin Notes plugin 1.1 for MyBB. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF PHP Admin Notes
NVD GitHub Exploit-DB
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1067 MEDIUM PATCH This Month

In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Undertow Jboss Enterprise Application Platform Virtualization Host
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2018-1108 MEDIUM This Month

kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Linux Linux Kernel Ubuntu Linux Debian Linux
NVD
CVSS 3.1
5.9
EPSS
1.8%
CVE-2018-8010 MEDIUM PATCH This Month

This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

XXE Apache Solr
NVD
CVSS 3.0
5.5
EPSS
3.9%
CVE-2018-7268 MEDIUM This Month

MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sysinfo
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2018-8142 MEDIUM PATCH This Month

A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10,. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-11330 MEDIUM PATCH This Month

An issue was discovered in Pluck before 4.7.6. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Pluck
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy