Skip to main content
CVE-2018-12323 MEDIUM POC This Month

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Momentum Axel 720P Momentum Axel 720P Firmware
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2018-12040 MEDIUM POC This Month

Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Symfony
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-11688 MEDIUM POC PATCH This Month

Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openfire
NVD GitHub
CVSS 3.0
6.1
EPSS
2.4%
CVE-2018-12290 MEDIUM POC This Month

The Yii2-StateMachine extension v2.x.x for Yii2 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yii2 Statemachine
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-12273 MEDIUM POC This Month

The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ximdex
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-12272 MEDIUM POC This Month

xowl/request.php in Ximdex 4.0 has XSS via the content parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Ximdex
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-12266 MEDIUM POC This Month

system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Hongcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-1121 MEDIUM POC This Month

procps-ng, procps is vulnerable to a process hiding through race condition. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Procps
NVD Exploit-DB
CVSS 3.0
5.9
EPSS
4.2%
CVE-2018-12339 MEDIUM POC This Month

ArticleCMS through 2017-02-19 has XSS via an "add an article" action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Articlecms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-0495 MEDIUM POC PATCH This Month

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the. Rated medium severity (CVSS 4.7). Public exploit code available.

Information Disclosure Libgcrypt Ubuntu Linux Debian Linux Ansible Tower +4
NVD
CVSS 3.0
4.7
EPSS
0.9%
CVE-2018-5434 MEDIUM This Month

The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Runtime Agent
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-5433 MEDIUM This Month

The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains vulnerabilities wherein a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Administrator
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-12271 MEDIUM This Month

An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Apple Dropbox
NVD GitHub
CVSS 3.0
6.4
EPSS
0.4%
CVE-2018-5242 MEDIUM This Month

Norton App Lock prior to version 1.3.0.329 can be susceptible to a bypass exploit. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Norton App Lock
NVD
CVSS 3.0
6.2
EPSS
0.4%
CVE-2018-12355 MEDIUM This Month

Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas' Catalogue" catalogue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Knowage
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2018-12353 MEDIUM This Month

Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Knowage
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-11408 MEDIUM PATCH This Month

The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Symfony Debian Linux
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-10850 MEDIUM PATCH This Month

389-ds-base before versions 1.4.0.10, 1.3.8.3 is vulnerable to a race condition in the way 389-ds-base handles persistent search, resulting in a crash if the server is under load. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service 389 Directory Server Debian Linux Enterprise Linux +6
NVD
CVSS 3.0
5.9
EPSS
1.6%
CVE-2018-11386 MEDIUM PATCH This Month

An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Symfony Debian Linux
NVD
CVSS 3.0
5.9
EPSS
1.6%
CVE-2018-10407 MEDIUM This Month

An issue was discovered in Carbon Black Cb Response. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Apple Carbon Black Cb
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-12322 MEDIUM PATCH This Month

There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in libr/anal/p/anal_6502.c via a crafted iNES ROM binary file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
0.8%
CVE-2018-5432 MEDIUM This Month

The TIBCO Administrator server component of of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Administrator
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-7559 MEDIUM PATCH This Month

An issue was discovered in OPC UA .NET Standard Stack and Sample Code before GitHub commit 2018-04-12, and OPC UA .NET Legacy Stack and Sample Code before GitHub commit 2018-03-13. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Oracle Information Disclosure Ua Net Legacy Ua Netstandard
NVD GitHub
CVSS 3.0
5.3
EPSS
1.6%
CVE-2018-1393 MEDIUM PATCH This Month

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.6 could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Financial Transaction Manager
NVD
CVSS 3.0
4.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy