Skip to main content
CVE-2018-12432 MEDIUM POC PATCH This Month

JavaMelody through 1.60.0 has XSS via the counter parameter in a clear_counter action to the /monitoring URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Javamelody
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-11690 MEDIUM POC THREAT This Month

The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gridbox
NVD
CVSS 3.0
6.1
EPSS
33.5%
CVE-2018-11689 MEDIUM POC This Month

Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Samsung Smartviewer Hrd 1642 Firmware Hrd 842 Firmware +7
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2018-12431 MEDIUM POC This Month

SeaCMS V6.61 has XSS via the site name parameter on an adm1n/admin_config.php page (aka a system management page). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Seacms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-10821 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to inject arbitrary web script or HTML via the search. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Blackcat Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2018-8140 MEDIUM PATCH This Month

An Elevation of Privilege vulnerability exists when Cortana retrieves data from user input services without consideration for status, aka "Cortana Elevation of Privilege Vulnerability." This affects. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 1803 Windows Server 2016
NVD
CVSS 3.0
6.8
EPSS
1.6%
CVE-2018-8927 MEDIUM This Month

Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Calendar
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-8244 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Office Outlook Outlook Rt
NVD
CVSS 3.0
6.5
EPSS
4.9%
CVE-2018-8175 MEDIUM PATCH This Month

An denial of service vulnerability exists when Windows NT WEBDAV Minirdr attempts to query a WEBDAV directory, aka "WEBDAV Denial of Service Vulnerability." This affects Windows 10 Servers, Windows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows Server 1803 Windows Server 2016
NVD
CVSS 3.0
6.5
EPSS
6.7%
CVE-2018-8113 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mark of the Web Tagging (MOTW), aka "Internet Explorer Security Feature Bypass Vulnerability." This. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Internet Explorer
NVD
CVSS 3.0
6.5
EPSS
4.9%
CVE-2018-4848 MEDIUM This Month

A vulnerability has been identified in SCALANCE X-200 switch family (incl. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Siemens Scalance X300 Firmware Scalance X 200 Irt Firmware Scalance X 200 Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-12418 MEDIUM PATCH This Month

Archive.java in Junrar before 1.0.1, as used in Apache Tika and other products, is affected by a denial of service vulnerability due to an infinite loop when handling corrupt RAR files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Java Denial Of Service Apache Junrar
NVD GitHub
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-8246 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Excel Excel Viewer Office +1
NVD
CVSS 3.0
5.5
EPSS
17.4%
CVE-2018-8239 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows Server 1803 Windows Server 2016
NVD
CVSS 3.0
5.5
EPSS
58.5%
CVE-2018-8205 MEDIUM This Month

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.5
EPSS
1.6%
CVE-2018-8254 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Project Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.0
5.4
EPSS
2.3%
CVE-2018-8252 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.0
5.4
EPSS
2.3%
CVE-2018-8247 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Office Online Server Office Web Apps
NVD
CVSS 3.0
5.4
EPSS
3.2%
CVE-2018-8221 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.3
EPSS
2.0%
CVE-2018-8217 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.3
EPSS
2.0%
CVE-2018-8216 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.3
EPSS
2.0%
CVE-2018-8215 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.3
EPSS
2.0%
CVE-2018-8212 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.3
EPSS
2.0%
CVE-2018-8211 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.3
EPSS
2.0%
CVE-2018-1040 MEDIUM This Month

A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing, aka "Windows Code Integrity Module Denial of Service Vulnerability." This affects Windows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Denial Of Service Windows 10 Windows 7 Windows 8 1 +3
NVD
CVSS 3.0
5.3
EPSS
6.7%
CVE-2018-4842 MEDIUM This Month

A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Siemens Scalance X200Irt Firmware Scalance X300 Firmware Scalance X200 Firmware
NVD
CVSS 3.0
4.8
EPSS
0.8%
CVE-2018-8207 MEDIUM This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 4.7). No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
4.7
EPSS
2.4%
CVE-2018-8121 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10. Rated medium severity (CVSS 4.7).

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
4.7
EPSS
1.4%
CVE-2018-8201 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy. Rated medium severity (CVSS 4.5).

Authentication Bypass Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
4.5
EPSS
1.8%
CVE-2018-8235 MEDIUM PATCH This Month

A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Edge
NVD
CVSS 3.0
4.3
EPSS
2.7%
CVE-2018-8234 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
4.3
EPSS
5.7%
CVE-2018-0871 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Edge improperly marks files, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
4.3
EPSS
5.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy