Skip to main content
CVE-2018-11502 MEDIUM POC This Month

An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Moderator Log Notes
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-15120 MEDIUM POC PATCH THREAT This Month

libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Pango Ubuntu Linux
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
11.5%
CVE-2018-15536 MEDIUM POC This Month

/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Responsive Filemanager
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
6.4%
CVE-2018-14059 MEDIUM POC PATCH This Month

Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pimcore
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
3.1%
CVE-2018-15499 MEDIUM POC This Month

GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, allow local users to cause a denial of service (Race Condition and BSoD on Windows) by not checking that user-mode memory is available. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Race Condition Microsoft Denial Of Service Gearaspiwdm
NVD GitHub
CVSS 3.0
4.7
EPSS
0.4%
CVE-2018-15605 MEDIUM PATCH This Month

An issue was discovered in phpMyAdmin before 4.8.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD GitHub
CVSS 3.0
6.1
EPSS
1.7%
CVE-2018-1755 MEDIUM PATCH This Month

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by incorrect transport being used when Liberty is configured to use Java Authentication. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Java IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
5.9
EPSS
3.5%
CVE-2018-11065 MEDIUM This Month

The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Archer
NVD
CVSS 3.0
4.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy