Skip to main content
CVE-2018-3721 MEDIUM POC PATCH This Month

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Lodash Active Iq Unified Manager System Manager
NVD GitHub
CVSS 3.1
6.5
EPSS
2.4%
CVE-2018-3715 MEDIUM POC PATCH This Month

glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Glance
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2018-3714 MEDIUM POC PATCH This Month

node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Node Srv
NVD
CVSS 3.1
6.5
EPSS
8.6%
CVE-2018-3713 MEDIUM POC PATCH This Month

angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Angular Http Server
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2018-3712 MEDIUM POC PATCH This Month

serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Serve
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-3735 MEDIUM POC This Month

bracket-template suffers from reflected XSS possible when variable passed via GET parameter is used in template. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bracket Template
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2018-3726 MEDIUM POC PATCH This Month

crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Crud File Server
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2018-3738 MEDIUM POC PATCH This Month

protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Protobufjs
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2018-3717 MEDIUM POC PATCH This Month

connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Connect
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2018-3716 MEDIUM POC PATCH This Month

simplehttpserver node module suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simplehttpserver
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2018-3718 MEDIUM POC PATCH This Month

serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Serve
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2018-0352 MEDIUM This Month

A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to elevate their privilege level to root. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Wide Area Application Services
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2018-6670 MEDIUM This Month

External Entity Attack vulnerability in the ePO extension in McAfee Common UI (CUI) 2.0.2 allows remote authenticated users to view confidential information via a crafted HTTP request parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Common Catalog
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-7689 MEDIUM This Month

Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Open Build Service
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-7688 MEDIUM This Month

A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Open Build Service
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-0357 MEDIUM This Month

A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Webex Meetings
NVD
CVSS 3.0
6.1
EPSS
2.0%
CVE-2018-0356 MEDIUM This Month

A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Webex Meetings
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-0355 MEDIUM This Month

A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Unified Communications Manager
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2018-0354 MEDIUM This Month

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unity Connection
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-0339 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine Software
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-12043 MEDIUM PATCH This Month

content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Symphony
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-0333 MEDIUM This Month

A vulnerability in the VPN configuration management of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass VPN security due to unintended side effects of dynamic. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Secure Firewall Management Center
NVD
CVSS 3.0
5.8
EPSS
1.9%
CVE-2018-0340 MEDIUM This Month

A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 3.0
5.4
EPSS
1.3%
CVE-2018-0329 MEDIUM This Month

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Wide Area Application Services
NVD
CVSS 3.1
5.3
EPSS
2.4%
CVE-2018-0334 MEDIUM This Month

A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Microsoft Cisco Anyconnect Secure Mobility Client
NVD
CVSS 3.0
4.8
EPSS
1.0%
CVE-2018-0149 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Integrated Management Controller Supervisor
NVD
CVSS 3.0
4.8
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy