Skip to main content
CVE-2018-14382 MEDIUM POC This Month

InstantCMS 2.10.1 has /redirect?url= XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Instantcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-14381 MEDIUM POC PATCH This Month

Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Pagekit
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-14388 MEDIUM POC This Month

joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Joyplus Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-14082 MEDIUM POC This Month

PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Job Portal
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-12429 MEDIUM POC This Month

JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jeesns
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-3004 MEDIUM POC PATCH This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available.

Java Oracle Authentication Bypass Database Server
NVD
CVSS 3.0
5.3
EPSS
2.7%
CVE-2018-2988 MEDIUM PATCH This Month

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Products). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required.

Oracle Authentication Bypass Marketing
NVD
CVSS 3.0
6.9
EPSS
1.9%
CVE-2018-0342 MEDIUM This Month

A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Cisco Vbond Orchestrator +11
NVD
CVSS 3.0
6.7
EPSS
0.5%
CVE-2018-2888 MEDIUM PATCH This Month

Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). Rated medium severity (CVSS 6.7).

Oracle Microsoft Denial Of Service Authentication Bypass Micros Retail J
NVD
CVSS 3.0
6.7
EPSS
0.5%
CVE-2018-0393 MEDIUM This Month

A Read-Only User Effect Change vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote attacker to make policy changes in the Policy Builder. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Mobility Services Engine 3365 Firmware Mobility Services Engine 3355 Firmware Mobility Services Engine 3310 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-10877 MEDIUM PATCH This Month

Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Linux Ubuntu Linux Linux Kernel +2
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-3073 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +2
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2018-3070 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +4
NVD
CVSS 3.0
6.5
EPSS
3.6%
CVE-2018-3065 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +3
NVD
CVSS 3.0
6.5
EPSS
3.7%
CVE-2018-3060 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +4
NVD
CVSS 3.1
6.5
EPSS
2.9%
CVE-2018-3041 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Flexcube Enterprise Limits And Collateral Management
NVD
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-3040 MEDIUM PATCH This Month

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Banking Corporate Lending
NVD
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-3030 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Flexcube Investor Servicing
NVD
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-3022 MEDIUM PATCH This Month

Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Banking Payments
NVD
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-3014 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Reports). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Hospitality Opera Property Management
NVD
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-3013 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Report Server Config). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Hospitality Opera Property Management
NVD
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-2979 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Flexcube Universal Banking
NVD
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-2977 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-2968 MEDIUM PATCH This Month

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Primavera Unifier
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-2947 MEDIUM PATCH This Month

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Jd Edwards Enterpriseone Tools
NVD
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-2925 MEDIUM PATCH This Month

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Business Intelligence Publisher
NVD
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-2904 MEDIUM PATCH This Month

Vulnerability in the Oracle Communications EAGLE LNP Application Processor component of Oracle Communications Applications (subcomponent: GUI). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Communications Eagle Local Number Portability Application Processor
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-3053 MEDIUM PATCH This Month

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcomponent: Internal Operations). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Retail Customer Management And Segmentation Foundation
NVD
CVSS 3.0
6.4
EPSS
1.1%
CVE-2018-3052 MEDIUM PATCH This Month

Vulnerability in the MICROS Relate CRM Software component of Oracle Retail Applications (subcomponent: Internal Operations). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Micros Relate Customer Relationship Management Software
NVD
CVSS 3.0
6.4
EPSS
1.1%
CVE-2018-3091 MEDIUM PATCH This Month

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity.

Oracle Authentication Bypass Vm Virtualbox
NVD
CVSS 3.0
6.3
EPSS
0.6%
CVE-2018-3037 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Flexcube Enterprise Limits And Collateral Management
NVD
CVSS 3.0
6.3
EPSS
1.4%
CVE-2018-3036 MEDIUM PATCH This Month

Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Banking Corporate Lending
NVD
CVSS 3.0
6.3
EPSS
1.4%
CVE-2018-3028 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Flexcube Investor Servicing
NVD
CVSS 3.0
6.3
EPSS
1.4%
CVE-2018-3020 MEDIUM PATCH This Month

Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Banking Payments
NVD
CVSS 3.0
6.3
EPSS
1.4%
CVE-2018-2974 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Flexcube Universal Banking
NVD
CVSS 3.0
6.3
EPSS
1.4%
CVE-2018-2881 MEDIUM PATCH This Month

Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Database). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Micros Retail J
NVD
CVSS 3.0
6.3
EPSS
0.9%
CVE-2018-3003 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Oracle Authentication Bypass Hospitality Cruise Fleet Management
NVD
CVSS 3.0
6.2
EPSS
0.5%
CVE-2018-3001 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: SPMS Suite). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Oracle Authentication Bypass Hospitality Cruise Shipboard Property Management System
NVD
CVSS 3.0
6.2
EPSS
0.5%
CVE-2018-2951 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Configuration Manager). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.2
EPSS
0.5%
CVE-2018-0401 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express Unified Ip Interactive Voice Response
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-0400 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Contact Center Express Unified Ip Interactive Voice Response
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-0396 MEDIUM This Month

A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Manager Im And Presence Service
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-0390 MEDIUM This Month

A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Webex Meetings
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-14380 MEDIUM PATCH This Month

In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Graylog
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-5232 MEDIUM This Month

The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian XSS Jira Jira Server
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-3068 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products (subcomponent: Compensation). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Human Capital Management Human Resources
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-3006 MEDIUM PATCH This Month

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Jd Edwards Enterpriseone Tools
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-2999 MEDIUM PATCH This Month

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Jd Edwards Enterpriseone Tools
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-2987 MEDIUM PATCH This Month

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-2986 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy