Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2019-14801

    The FV Flowplayer Video Player plugin before 7.3.15.727 for WordPress allows email subscription SQL injection.... Read more

    Affected Products : fv_flowplayer_video_player
    • Published: Aug. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-14985

    eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC virtual device type 28.... Read more

    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-0345

    A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overview), versions 7.30, 7.31, 7.40, 7.50, by sending a specially crafted XML file and trick the application server into leaking ... Read more

    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18514

    The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.... Read more

    Affected Products : simple_login_log
    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10886

    The wp-editor plugin before 1.2.6 for WordPress has incorrect permissions.... Read more

    Affected Products : wp_editor
    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-13578

    A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/... Read more

    Affected Products : givewp give
    • Published: Aug. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15106

    An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used for the password. For example, if the username is admin, th... Read more

    Affected Products : manageengine_opmanager
    • Published: Aug. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18548

    The note-press plugin before 0.1.2 for WordPress has SQL injection.... Read more

    Affected Products : note_press
    • Published: Aug. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15091

    filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.... Read more

    Affected Products : integria_ims
    • Published: Aug. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9323

    The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.... Read more

    Affected Products : 404_to_301
    • Published: Aug. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-20973

    The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion.... Read more

    Affected Products : companion_auto_update
    • Published: Aug. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15224

    The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions <=1.6.9 and >=1.6.14 are unaffected.... Read more

    Affected Products : rest-client
    • Published: Aug. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15111

    The wp-front-end-profile plugin before 0.2.2 for WordPress has a privilege escalation issue.... Read more

    Affected Products : wp_front_end_profile
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-5032

    An exploitable out-of-bounds read vulnerability exists in the LabelSst record parser of Aspose Aspose.Cells 19.1.0 library. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a ma... Read more

    Affected Products : aspose.cells aspose.words
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-5041

    An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words library, version 18.11.0.0. A specially crafted doc file can cause a stack-based buffer overflow, resulting in remote code execution. An at... Read more

    Affected Products : aspose.words
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10917

    The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316.... Read more

    Affected Products : search_everything search_everything
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18571

    The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316.... Read more

    Affected Products : search_everything search_everything
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10922

    The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation.... Read more

    Affected Products : store_toolkit_for_woocommerce
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-20985

    The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec.... Read more

    Affected Products : wp_payeezy_pay
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10930

    The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number.... Read more

    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292774 Results