Skip to main content
CVE-2018-20538 MEDIUM POC This Month

There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Netwide Assembler
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2018-20535 MEDIUM POC This Month

There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Netwide Assembler
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2018-20576 MEDIUM POC This Month

Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Arv7519Rw22 Livebox 2 1 Firmware
NVD GitHub
CVSS 3.0
5.4
EPSS
0.4%
CVE-2018-16638 MEDIUM POC PATCH This Month

Evolution CMS 1.4.x allows XSS via the manager/ search parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Evolution Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-16637 MEDIUM POC PATCH This Month

Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Evolution Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-20530 MEDIUM POC This Month

PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Website Seller Script
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-20567 MEDIUM POC This Month

An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Douphp
NVD GitHub
CVSS 3.0
5.3
EPSS
1.0%
CVE-2018-20566 MEDIUM POC This Month

An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Douphp
NVD GitHub
CVSS 3.0
5.3
EPSS
1.3%
CVE-2018-16632 MEDIUM POC This Month

Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mezzanine
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-16630 MEDIUM POC This Month

Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kirby
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-20565 MEDIUM POC This Month

An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Douphp
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-20564 MEDIUM POC This Month

An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Douphp
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-20563 MEDIUM POC This Month

An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Douphp
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-20562 MEDIUM POC This Month

An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Douphp
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-20561 MEDIUM POC This Month

An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Douphp
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-20560 MEDIUM POC This Month

An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Douphp
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-20559 MEDIUM POC This Month

An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Douphp
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-20558 MEDIUM POC This Month

An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Douphp
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-20557 MEDIUM POC This Month

An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Douphp
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-1000889 HIGH PATCH This Week

Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XXE Logisim Evolution
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-1000887 MEDIUM POC This Month

Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting java script code in the "Site Name EN" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Peel Shopping
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-14995 MEDIUM POC This Month

The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Google Zte Information Disclosure Zte Blade Vantage Firmware Zte Blade Spark Firmware +2
NVD
CVSS 3.0
4.7
EPSS
0.4%
CVE-2018-14979 MEDIUM POC This Month

The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Google Information Disclosure Zenfone 3 Max Firmware
NVD
CVSS 3.0
4.7
EPSS
0.4%
CVE-2018-14988 HIGH This Week

The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201_N/m201_N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android (versionCode=19,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mxq Tv Box Firmware
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-14986 HIGH This Week

The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Z5C Firmware
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-20571 HIGH This Week

DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Damicms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-17539 HIGH This Week

The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 allow remote attackers to cause a denial of service attack via an autonomous system (AS) path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Local Traffic Manager Ocnos Zebos
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-1000624 HIGH This Week

Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service PHP V2I Hub
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-1000630 HIGH This Week

Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP V2I Hub
NVD
CVSS 3.0
7.2
EPSS
1.9%
CVE-2018-14987 HIGH This Week

The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201_N/m201_N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android (versionCode=19,. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Mxq Tv Box Firmware
NVD
CVSS 3.0
7.1
EPSS
0.3%
CVE-2018-20579 HIGH This Week

Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-bounds write of an '{' or '[' character. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.0
7.1
EPSS
0.3%
CVE-2018-7366 MEDIUM This Month

ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxv10 B860Av2 1 Chinamobile Firmware
NVD
CVSS 3.0
6.8
EPSS
0.6%
CVE-2018-20528 MEDIUM This Month

JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Jeecms
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1000629 MEDIUM This Month

Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP V2I Hub
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-15335 MEDIUM This Month

When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager
NVD
CVSS 3.0
5.9
EPSS
1.4%
CVE-2018-15333 MEDIUM This Month

On versions 11.2.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

File Upload Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Analytics +9
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-15002 MEDIUM This Month

The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone. Rated medium severity (CVSS 4.7). No vendor patch available.

Google Information Disclosure Qualcomm V7 Firmware
NVD
CVSS 3.0
4.7
EPSS
0.3%
CVE-2018-15334 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Big Ip Access Policy Manager
NVD
CVSS 3.0
4.3
EPSS
0.7%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy