Skip to main content
CVE-2018-19060 MEDIUM POC This Month

An issue was discovered in Poppler 0.71.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Poppler Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-19059 MEDIUM POC This Month

An issue was discovered in Poppler 0.71.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Poppler Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
2.1%
CVE-2018-19058 MEDIUM POC This Month

An issue was discovered in Poppler 0.71.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Poppler Ubuntu Linux Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2018-19092 MEDIUM POC This Month

An issue was discovered in YzmCMS v5.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yzmcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-19083 MEDIUM POC This Month

WeCenter 3.2.0 through 3.2.2 has XSS in the views/default/question/index.tpl.html htmlspecialchars_decode function via the /?/publish/ajax/publish_question/ question_content parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wecenter
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19080 MEDIUM POC This Month

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-19057 MEDIUM POC This Month

SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with [ and ( characters, which is mishandled during construction of an A element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simplemde
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-19056 MEDIUM POC This Month

pandao Editor.md 1.5.0 has DOM XSS via input starting with a "<<" substring, which is mishandled during construction of an A element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Editor Md
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-19051 MEDIUM POC This Month

MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Metinfo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19050 MEDIUM POC This Month

MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Metinfo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16253 MEDIUM POC PATCH This Month

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not properly verify the ASN.1 metadata. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Jwt Attack Information Disclosure Axtls
NVD GitHub
CVSS 3.0
5.9
EPSS
0.6%
CVE-2018-16149 MEDIUM POC PATCH This Month

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Jwt Attack Axtls
NVD GitHub
CVSS 3.0
5.9
EPSS
0.7%
CVE-2018-19072 MEDIUM POC This Month

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-19091 MEDIUM POC This Month

tianti 2.3 has reflected XSS in the user management module via the tianti-module-admin/user/list userName parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tianti
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-19090 MEDIUM POC This Month

tianti 2.3 has stored XSS in the article management module via an article title. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tianti
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-19089 MEDIUM POC This Month

tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tianti
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-19075 MEDIUM POC This Month

An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
5.3
EPSS
1.7%
CVE-2018-19068 MEDIUM POC This Month

An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure I5 Application Firmware I5 System Firmware C2 Application Firmware C2 System Firmware
NVD
CVSS 3.0
4.9
EPSS
1.0%
CVE-2018-16845 MEDIUM PATCH This Month

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Nginx Debian Linux Ubuntu Linux Leap +1
NVD
CVSS 3.1
6.1
EPSS
9.8%
CVE-2018-16150 MEDIUM PATCH This Month

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the hash value. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure Axtls
NVD GitHub
CVSS 3.0
5.9
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy