Skip to main content
CVE-2018-20152 MEDIUM This Month

In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Debian Linux
NVD
CVSS 3.0
6.5
EPSS
4.2%
CVE-2018-20147 MEDIUM This Month

In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Debian Linux
NVD
CVSS 3.0
6.5
EPSS
3.6%
CVE-2018-1977 MEDIUM PATCH This Month

IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft IBM Denial Of Service Db2
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-20150 MEDIUM PATCH This Month

In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
5.1%
CVE-2018-1848 MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Business Automation Workflow Business Process Manager Websphere
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-3705 MEDIUM This Month

Improper directory permissions in the installer for the Intel(R) System Defense Utility (all versions) may allow authenticated users to potentially enable a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service System Defense Utility
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-18096 MEDIUM This Month

Improper memory handling in Intel QuickAssist Technology for Linux (all versions) may allow an authenticated user to potentially enable a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Buffer Overflow Quickassist Technology For Linux
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-12206 MEDIUM This Month

Improper configuration of hardware access in Intel QuickAssist Technology for Linux (all versions) may allow an authenticated user to potentially enable a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Buffer Overflow Quickassist Technology For Linux
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-20153 MEDIUM This Month

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Debian Linux
NVD
CVSS 3.0
5.4
EPSS
2.5%
CVE-2018-20149 MEDIUM PATCH This Month

In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Apache Debian Linux
NVD GitHub
CVSS 3.0
5.4
EPSS
3.4%
CVE-2018-18984 MEDIUM This Month

Medtronic CareLink and Encore Programmers do not encrypt or do not sufficiently encrypt sensitive PII and PHI information while at rest . Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Carelink 2090 Programmer Firmware Carelink 9790 Programmer Firmware 29901 Encore Programmer Firmware
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2018-20155 MEDIUM This Month

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wp Maintenance Mode
NVD
CVSS 3.0
4.3
EPSS
0.8%
CVE-2018-20154 MEDIUM This Month

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Wp Maintenance Mode
NVD
CVSS 3.0
4.3
EPSS
1.0%
CVE-2018-19413 MEDIUM PATCH This Month

A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sonarqube
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2018-14623 MEDIUM This Month

A SQL injection flaw was found in katello's errata-related API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Katello
NVD
CVSS 3.0
4.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy