Skip to main content
CVE-2018-18195 MEDIUM POC This Month

An issue was discovered in libgig 4.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libgig
NVD GitHub
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-18192 MEDIUM POC This Month

An issue was discovered in libgig 4.1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libgig
NVD GitHub
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-18088 MEDIUM POC This Month

OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Openjpeg Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.1%
CVE-2018-18198 MEDIUM POC PATCH This Month

The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Redaxo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-17866 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Ultimate Member
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-18082 MEDIUM POC This Month

XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Waimai Super Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-18087 MEDIUM POC This Month

The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Portfolio
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-18029 MEDIUM POC PATCH This Month

Navigate CMS has Stored XSS via the navigate.php Title field in an edit action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Navigate Cms
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-15543 MEDIUM This Month

An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Telegram
NVD GitHub
CVSS 3.0
6.8
EPSS
0.4%
CVE-2018-6977 MEDIUM This Month

VMware ESXi (6.7, 6.5, 6.0), Workstation (15.x and 14.x) and Fusion (11.x and 10.x) contain a denial-of-service vulnerability due to an infinite loop in a 3D-rendering shader. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service VMware ESXi Workstation Fusion
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-2474 MEDIUM This Month

SAP Fiori 1.0 for SAP ERP HCM (Approve Leave Request, version 2) application allows an attacker to trick an authenticated user to send unintended request to the web server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF SAP Fiori
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-12478 MEDIUM This Month

A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Build Service
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-15542 MEDIUM This Month

An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Google Authentication Bypass Telegram
NVD GitHub
CVSS 3.0
6.4
EPSS
0.3%
CVE-2018-18199 MEDIUM PATCH This Month

Mediamanager in REDAXO before 5.6.4 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Redaxo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-2472 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Bi Platform
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-2470 MEDIUM This Month

In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-18070 MEDIUM This Month

An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 on Mercedes-Benz C-Class 2018 vehicles. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Comand
NVD VulDB
CVSS 3.1
5.9
EPSS
1.1%
CVE-2018-18190 MEDIUM PATCH This Month

An issue was discovered in GoPro gpmf-parser before 1.2.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Gpmf Parser
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-2466 MEDIUM This Month

In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Data Services
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-2467 MEDIUM This Month

In the Software Development Kit in SAP BusinessObjects BI Platform Servers, versions 4.1 and 4.2, using the specially crafted URL in a Web Browser such as Chrome the system returns an error with the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure SAP Businessobjects Bi Platform
NVD
CVSS 3.0
5.3
EPSS
1.4%
CVE-2018-7928 MEDIUM This Month

There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei My Cloud
NVD
CVSS 3.0
4.6
EPSS
0.3%
CVE-2018-17859 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-17857 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Joomla
NVD
CVSS 3.0
4.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy