Skip to main content
CVE-2018-3913 MEDIUM POC This Month

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2018-17294 MEDIUM POC PATCH This Month

The matchCurrentInput function inside lou_translateString.c of Liblouis prior to 3.7 does not check the input string's length, allowing attackers to cause a denial of service (application crash via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Liblouis Ubuntu Linux +1
NVD GitHub
CVSS 3.0
6.5
EPSS
2.7%
CVE-2018-17292 MEDIUM POC PATCH This Month

An issue was discovered in WAVM before 2018-09-16. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Webassembly Virtual Machine
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-17002 MEDIUM POC This Month

On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mp 2001Sp Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-17001 MEDIUM POC This Month

On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sp 4510Sf Firmware
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-9282 MEDIUM POC This Month

An XSS issue was discovered in Subsonic Media Server 6.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subsonic
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14691 MEDIUM POC This Month

An issue was discovered in Subsonic 6.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subsonic
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14690 MEDIUM POC This Month

An issue was discovered in Subsonic 6.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subsonic
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14689 MEDIUM POC This Month

An issue was discovered in Subsonic 6.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subsonic
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-14688 MEDIUM POC This Month

An issue was discovered in Subsonic 6.1.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subsonic
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16786 MEDIUM POC This Month

DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dedecms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-17302 MEDIUM POC This Month

Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Espocrm
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-17301 MEDIUM POC This Month

Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Espocrm
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-16821 MEDIUM POC This Month

SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Seacms
NVD
CVSS 3.0
5.3
EPSS
1.0%
CVE-2018-17300 MEDIUM POC This Month

Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cuppacms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2018-11352 MEDIUM POC PATCH This Month

The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Wallabag
NVD
CVSS 3.0
4.0
EPSS
0.7%
CVE-2018-17320 MEDIUM This Month

An issue was discovered in UCMS 1.4.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Ucms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-17003 MEDIUM This Month

In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Limesurvey
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-16965 MEDIUM This Month

In Zoho ManageEngine SupportCenter Plus before 8.1 Build 8109, there is HTML Injection and Stored XSS via the /ServiceContractDef.do contractName parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Supportcenter Plus
NVD
CVSS 3.0
6.1
EPSS
2.5%
CVE-2018-16833 MEDIUM This Month

Zoho ManageEngine Desktop Central 10.0.271 has XSS via the "Features & Articles" search field to the /advsearch.do?SUBREQUEST=XMLHTTP URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Desktop Central
NVD
CVSS 3.0
6.1
EPSS
65.4%
CVE-2018-15613 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Aura Orchestration Designer
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-13111 MEDIUM This Month

There exists a partial Denial of Service vulnerability in Wanscam HW0021 IP Cameras. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Hw0021 Firmware
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2018-8023 MEDIUM PATCH This Month

Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Mesos
NVD
CVSS 3.0
5.9
EPSS
3.1%
CVE-2018-16597 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 4.8. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Linux Linux Kernel Active Iq Performance Analytics Services Element Software +1
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-1685 MEDIUM This Month

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-14890 MEDIUM This Month

Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-site scripting (XSS) vulnerability in the Web Management Console. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cognito
NVD
CVSS 3.0
5.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy