Skip to main content
CVE-2018-11770 MEDIUM POC THREAT This Month

From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Authentication Bypass Apache Spark
NVD
CVSS 3.1
4.2
EPSS
65.8%
CVE-2018-15141 MEDIUM POC PATCH THREAT This Month

Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the "docid". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal PHP Openemr
NVD GitHub Exploit-DB
CVSS 3.0
6.5
EPSS
14.5%
CVE-2018-15140 MEDIUM POC PATCH THREAT This Month

Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the "docid" parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal PHP Openemr
NVD GitHub Exploit-DB
CVSS 3.0
6.5
EPSS
16.7%
CVE-2018-6970 MEDIUM PATCH This Month

VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Buffer Overflow VMware Horizon Client +1
NVD
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-10864 MEDIUM This Month

An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Certification
NVD
CVSS 3.0
6.2
EPSS
1.2%
CVE-2018-12587 MEDIUM This Month

A cross-site scripting (XSS) vulnerability was found in valeuraddons German Spelling Dictionary v1.3 (an Opera Browser add-on). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS German Spelling Dictionary
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-10569 MEDIUM This Month

An issue was discovered in Edimax EW-7438RPn Mini v2 before version 1.26. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Edimax Ew 7438Rpn V2 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-13392 MEDIUM This Month

Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian XSS Crucible Fisheye
NVD
CVSS 3.0
6.1
EPSS
1.7%
CVE-2018-3781 MEDIUM This Month

A missing sanitization of search results for an autocomplete field in NextCloud Talk <3.2.5 could lead to a stored XSS requiring user-interaction. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud XSS Talk
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-3780 MEDIUM This Month

A missing sanitization of search results for an autocomplete field in NextCloud Server <13.0.5 could lead to a stored XSS requiring user-interaction. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud XSS Nextcloud Server
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-14850 MEDIUM This Month

Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tikiwiki Cms Groupware
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-14849 MEDIUM This Month

Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Tikiwiki Cms Groupware
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-14781 MEDIUM This Month

Medtronic MiniMed MMT devices when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure 508 Minimed Insulin Pump Firmware 522 Paradigm Real Time Firmware 722 Paradigm Real Time Firmware 523 Paradigm Revel Firmware +5
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2018-10634 MEDIUM This Month

Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Minimed Paradigm Revel Mmt 523K Firmware Minimed Paradigm Revel Mmt 723K Firmware Minimed Paradigm Revel Mmt 723 Firmware Minimed 530G Mmt 551 Firmware +5
NVD
CVSS 3.1
4.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy