Skip to main content
CVE-2018-15877 HIGH POC THREAT Act Now

The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Command Injection Plainview Activity Monitor
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
77.0%
CVE-2018-15888 CRITICAL POC Act Now

An issue was discovered in ASPCMS 2.5.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aspcms
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-15885 HIGH POC This Week

Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product's capabilities. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Findme
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-15602 MEDIUM This Month

Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zyxel Vmg3312 B10B Firmware
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-15876 MEDIUM This Month

An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Ajax Bootmodal Login
NVD GitHub
CVSS 3.0
5.3
EPSS
0.9%
CVE-2018-15833 MEDIUM This Month

In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Vanilla Forums
NVD
CVSS 3.0
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy