Skip to main content
CVE-2018-16806 MEDIUM POC This Month

A Pektron Passive Keyless Entry and Start (PKES) system, as used on the Tesla Model S and possibly other vehicles, relies on the DST40 cipher, which makes it easier for attackers to obtain access via. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Passive Keyless Entry And Start System Firmware
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-16780 MEDIUM POC This Month

Complete Responsive CMS Blog through 2018-05-20 has XSS via a comment. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Complete Responsive Cms Blog
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-16776 MEDIUM POC This Month

wityCMS 0.6.2 has XSS via the "Site Name" field found in the "Contact" "Configuration" page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Witycms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-16775 MEDIUM POC This Month

An issue was discovered in Victor CMS through 2018-05-10. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Victor Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-16773 MEDIUM POC This Month

EasyCMS 1.5 allows XSS via the index.php?s=/admin/fields/update/navTabId/listfields/callbackType/closeCurrent content field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Easycms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-16772 MEDIUM POC This Month

Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hoosk
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-14635 MEDIUM PATCH This Month

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Openstack Neutron
NVD
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-16781 MEDIUM This Month

ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressive JPEG file that lacks an AC Huffman table. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ffjpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-16779 MEDIUM This Month

BlogCMS through 2016-10-25 has XSS via a comment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Blogcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14636 MEDIUM PATCH This Month

Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Neutron
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-16805 MEDIUM This Month

In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote attackers to inject arbitrary Web scripts or HTML. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Solo
NVD GitHub
CVSS 3.0
4.8
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy