Skip to main content
CVE-2018-15203 MEDIUM POC This Month

An issue was discovered in Ignited CMS through 2017-02-19. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Ignitedcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2018-15202 MEDIUM POC This Month

An issue was discovered in Juunan06 eCommerce through 2018-08-05. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Ecommerce
NVD GitHub
CVSS 3.0
6.3
EPSS
0.4%
CVE-2018-15178 MEDIUM POC PATCH This Month

Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirect_to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Gogs
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-15169 MEDIUM POC This Month

A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XSS Manageengine Applications Manager
NVD GitHub
CVSS 3.0
6.1
EPSS
1.7%
CVE-2018-15199 MEDIUM POC This Month

AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Auracms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-14526 MEDIUM PATCH This Month

An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Oracle Information Disclosure Ubuntu Linux Debian Linux Wpa Supplicant
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-3778 MEDIUM PATCH This Month

Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Aedes
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy