Skip to main content
CVE-2018-15569 MEDIUM This Month

my little forum 2.4.12 allows CSRF for deletion of users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF My Little Forum
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-1000225 MEDIUM This Month

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation XSS Cobbler
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-1000642 MEDIUM This Month

FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Flightairmap
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-1000640 MEDIUM This Month

OpenCart-Overclocked version <=1.11.1 contains a Cross Site Scripting (XSS) vulnerability in User input entered unsanitised within JS function in the template that can result in Unauthorised actions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Denial Of Service Opencart Overclocked
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-1000638 MEDIUM POC This Month

MiniCMS version 1.1 contains a Cross Site Scripting (XSS) vulnerability in http://example.org/mc-admin/page.php?date={payload} that can result in code injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Minicms
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
2.2%
CVE-2018-15567 MEDIUM This Month

CMSUno before 1.5.3 has XSS via the title field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cmsuno
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-15594 MEDIUM PATCH This Month

arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Debian Linux Ubuntu Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.6%
CVE-2018-1394 MEDIUM This Month

Multiple IBM Rational products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Doors Next Generation Rational Engineering Lifecycle Manager Rational Quality Manager +3
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-14020 MEDIUM PATCH This Month

An issue was discovered in the Paymorrow module 1.0.0 before 1.0.2 and 2.0.0 before 2.0.1 for OXID eShop. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Paymorrow
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-15570 MEDIUM This Month

In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Waimai Super Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy