Skip to main content
CVE-2018-17534 MEDIUM POC This Month

Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rut900 Firmware Rut950 Firmware Rut955 Firmware
NVD GitHub
CVSS 3.0
6.8
EPSS
0.7%
CVE-2018-18259 MEDIUM POC This Month

Stored XSS has been discovered in version 1.0.12 of the LUYA CMS software via /admin/api-cms-nav/create-page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Luya Cms
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-17533 MEDIUM POC This Month

Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rut900 Firmware Rut950 Firmware Rut955 Firmware
NVD GitHub
CVSS 3.0
6.1
EPSS
2.0%
CVE-2018-18324 MEDIUM POC This Month

CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpanel
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
3.2%
CVE-2018-18296 MEDIUM POC This Month

MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Metinfo
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-18310 MEDIUM POC PATCH This Month

An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Elfutils Debian Linux Enterprise Linux Desktop +4
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2018-18309 MEDIUM POC This Month

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Binutils
NVD
CVSS 3.0
5.5
EPSS
1.8%
CVE-2018-1744 MEDIUM PATCH This Month

IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Security Key Lifecycle Manager
NVD
CVSS 3.0
6.5
EPSS
2.6%
CVE-2018-18073 MEDIUM PATCH This Month

Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ghostscript Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD
CVSS 3.1
6.3
EPSS
2.7%
CVE-2018-18260 MEDIUM This Month

In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Camaleon Cms
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-15538 MEDIUM This Month

Agentejo Cockpit has multiple Cross-Site Scripting vulnerabilities. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cockpit
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-18361 MEDIUM This Month

An issue was discovered in nc-cms through 2017-03-10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Nc Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-12154 MEDIUM This Month

Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Graphics Driver
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-15378 MEDIUM PATCH This Month

A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Clamav Debian Linux +1
NVD
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-15590 MEDIUM This Month

An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Workspace Control
NVD
CVSS 3.0
5.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy