Skip to main content
CVE-2018-19376 MEDIUM POC This Month

An issue was discovered in GreenCMS v2.3.0603. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Greencms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-18774 MEDIUM POC This Month

CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Webpanel
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
4.8%
CVE-2018-19390 MEDIUM POC This Month

FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via TIFF data because of a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Foxit Reader
NVD GitHub
CVSS 3.0
5.5
EPSS
2.2%
CVE-2018-19389 MEDIUM POC This Month

FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via BMP data because of a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Foxit Reader
NVD GitHub
CVSS 3.0
5.5
EPSS
2.0%
CVE-2018-19388 MEDIUM POC This Month

FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Foxit Reader
NVD GitHub
CVSS 3.0
5.5
EPSS
2.2%
CVE-2018-19335 MEDIUM POC PATCH This Month

Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Google CSRF Monorail
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2018-19334 MEDIUM POC PATCH This Month

Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Google CSRF Monorail
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2018-10099 MEDIUM POC PATCH This Month

Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Google CSRF Monorail
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2018-18565 MEDIUM This Month

An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00,. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Accu Chek Inform Ii Firmware Cobas H 232 Firmware Coaguchek Pro Ii Firmware Coaguchek Xs Plus Firmware +1
NVD
CVSS 3.0
6.8
EPSS
0.5%
CVE-2018-16222 MEDIUM This Month

Cleartext Storage of credentials in the iSmartAlarmData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Ismartalarm
NVD
CVSS 3.0
6.8
EPSS
0.5%
CVE-2018-18716 MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
CVSS 3.0
6.1
EPSS
2.8%
CVE-2018-18715 MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
CVSS 3.0
6.1
EPSS
2.8%
CVE-2018-17948 MEDIUM This Month

An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Access Manager
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-16224 MEDIUM This Month

Incorrect access control for the diagnostic files of the iSmartAlarm Cube One through 2.2.4.10 allows an attacker to retrieve them via a specifically crafted TCP request to port 12345 and 22306, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cubeone Firmware
NVD
CVSS 3.0
5.3
EPSS
6.6%
CVE-2018-12038 MEDIUM PATCH This Month

An issue was discovered on Samsung 840 EVO devices. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Samsung 840 Evo Firmware
NVD
CVSS 3.0
4.2
EPSS
0.6%
CVE-2018-12037 MEDIUM PATCH This Month

An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and. Rated medium severity (CVSS 4.0).

Information Disclosure Samsung 840 Evo Firmware 850 Evo Firmware T3 Firmware +4
NVD
CVSS 3.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy