Skip to main content
CVE-2018-15602 MEDIUM This Month

Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zyxel Vmg3312 B10B Firmware
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-15876 MEDIUM This Month

An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Ajax Bootmodal Login
NVD GitHub
CVSS 3.0
5.3
EPSS
0.9%
CVE-2018-15833 MEDIUM This Month

In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Vanilla Forums
NVD
CVSS 3.0
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy