Skip to main content
CVE-2018-1000655 MEDIUM POC This Month

Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsi_ValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Jsish
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-1000645 MEDIUM POC This Month

LibreHealthIO lh-ehr version <REL-2.0.0 contains an Authenticated Local File Disclosure vulnerability in Importing of templates allows local file disclosure that can result in Disclosure of sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Librehealth Ehr
NVD GitHub
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-15574 MEDIUM POC This Month

An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Reprise License Manager
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2018-15566 MEDIUM POC This Month

tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Tp5Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-15559 MEDIUM POC This Month

The editor in Xiuno BBS 4.0.4 allows stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xiunobbs
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-1000654 MEDIUM POC This Month

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libtasn1
NVD
CVSS 3.0
5.5
EPSS
2.0%
CVE-2018-1000219 MEDIUM POC This Month

OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'scan' parameter in line #41 of interface/fax/fax_view.php that can result in The vulnerability could allow remote. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Openemr
NVD GitHub
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-1000218 MEDIUM POC This Month

OpenEMR version v5_0_1_4 contains a Cross Site Scripting (XSS) vulnerability in The 'file' parameter in line #43 of interface/fax/fax_view.php that can result in The vulnerability could allow remote. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Openemr
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-14023 MEDIUM POC This Month

Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Signal Desktop
NVD
CVSS 3.0
4.0
EPSS
0.5%
CVE-2018-1000635 MEDIUM PATCH This Month

The Open Microscopy Environment OMERO.server version 5.4.0 to 5.4.6 contains a Information Exposure Through Sent Data vulnerability in OMERO.server that can result in an Attacker gaining full. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Omero
NVD
CVSS 3.0
6.7
EPSS
0.3%
CVE-2018-1656 MEDIUM PATCH This Month

The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java IBM Path Traversal Sdk Satellite +4
NVD
CVSS 3.0
6.5
EPSS
4.5%
CVE-2018-1000636 MEDIUM PATCH This Month

JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Jerryscript
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-15572 MEDIUM PATCH This Month

The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Linux Debian Linux Ubuntu Linux Linux Kernel
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-15569 MEDIUM This Month

my little forum 2.4.12 allows CSRF for deletion of users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF My Little Forum
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-1000225 MEDIUM This Month

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation XSS Cobbler
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-1000642 MEDIUM This Month

FlightAirMap version <=v1.0-beta.21 contains a Cross Site Scripting (XSS) vulnerability in GET variable used within registration sub menu page that can result in unauthorised actions and access to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Flightairmap
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-1000640 MEDIUM This Month

OpenCart-Overclocked version <=1.11.1 contains a Cross Site Scripting (XSS) vulnerability in User input entered unsanitised within JS function in the template that can result in Unauthorised actions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Denial Of Service Opencart Overclocked
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-1000638 MEDIUM POC This Month

{payload} that can result in code injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Minicms
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
2.2%
CVE-2018-15567 MEDIUM This Month

CMSUno before 1.5.3 has XSS via the title field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cmsuno
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-15594 MEDIUM PATCH This Month

arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Debian Linux Ubuntu Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.6%
CVE-2018-1394 MEDIUM This Month

Multiple IBM Rational products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Doors Next Generation Rational Engineering Lifecycle Manager Rational Quality Manager +3
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-14020 MEDIUM PATCH This Month

An issue was discovered in the Paymorrow module 1.0.0 before 1.0.2 and 2.0.0 before 2.0.1 for OXID eShop. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Paymorrow
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-15570 MEDIUM This Month

In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Waimai Super Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy