Skip to main content
CVE-2018-12919 MEDIUM POC This Month

In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allows XSS via the e parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Craftedweb
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-12905 MEDIUM POC THREAT This Month

joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php "system manage" and "add" actions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Joyplus Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
42.2%
CVE-2018-12904 MEDIUM POC PATCH This Month

In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial. Rated medium severity (CVSS 4.9), this vulnerability is no authentication required. Public exploit code available.

Denial Of Service Linux Linux Kernel Ubuntu Linux
NVD GitHub Exploit-DB
CVSS 3.0
4.9
EPSS
1.2%
CVE-2018-1354 MEDIUM This Month

An improper access control vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows a regular user edit the avatar picture of other. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortinet Fortianalyzer Fortimanager
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-1355 MEDIUM This Month

An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Open Redirect Fortianalyzer Fortimanager
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-1543 MEDIUM This Month

IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
5.9
EPSS
1.1%
CVE-2018-1507 MEDIUM This Month

IBM DOORS Next Generation (DNG/RRC) 6.0.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Doors Next Generation
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-5528 MEDIUM This Month

Under certain conditions, TMM may restart and produce a core file while processing APM data on BIG-IP 13.0.1 or 13.1.0.4-13.1.0.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-12536 MEDIUM PATCH This Month

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jetty Retail Xstore Point Of Service
NVD
CVSS 3.1
5.3
EPSS
4.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy