Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2015-9323

    The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.... Read more

    Affected Products : 404_to_301
    • EPSS Score: %63.26
    • Published: Aug. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-20973

    The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion.... Read more

    Affected Products : companion_auto_update
    • EPSS Score: %0.76
    • Published: Aug. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15224

    The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions <=1.6.9 and >=1.6.14 are unaffected.... Read more

    Affected Products : rest-client
    • EPSS Score: %2.16
    • Published: Aug. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15111

    The wp-front-end-profile plugin before 0.2.2 for WordPress has a privilege escalation issue.... Read more

    Affected Products : wp_front_end_profile
    • EPSS Score: %0.34
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-5032

    An exploitable out-of-bounds read vulnerability exists in the LabelSst record parser of Aspose Aspose.Cells 19.1.0 library. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a ma... Read more

    Affected Products : aspose.cells aspose.words
    • EPSS Score: %1.71
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-5041

    An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words library, version 18.11.0.0. A specially crafted doc file can cause a stack-based buffer overflow, resulting in remote code execution. An at... Read more

    Affected Products : aspose.words
    • EPSS Score: %3.34
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10379

    The duplicate-post plugin before 2.6 for WordPress has SQL injection.... Read more

    Affected Products : duplicate_post
    • EPSS Score: %0.51
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10917

    The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316.... Read more

    Affected Products : search_everything search_everything
    • EPSS Score: %0.69
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18571

    The search-everything plugin before 8.1.7 for WordPress has SQL injection related to WordPress 4.7.x, a different vulnerability than CVE-2014-2316.... Read more

    Affected Products : search_everything search_everything
    • EPSS Score: %0.51
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18573

    The simple-login-log plugin before 1.1.2 for WordPress has SQL injection.... Read more

    Affected Products : simple_login_log
    • EPSS Score: %0.55
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10384

    The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion.... Read more

    Affected Products : memphis_documents_library
    • EPSS Score: %0.91
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10922

    The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation.... Read more

    Affected Products : store_toolkit_for_woocommerce
    • EPSS Score: %0.34
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-20985

    The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec.... Read more

    Affected Products : wp_payeezy_pay
    • EPSS Score: %42.92
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10930

    The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number.... Read more

    • EPSS Score: %0.84
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-7483

    The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion.... Read more

    Affected Products : slidedeck_2
    • EPSS Score: %0.84
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-9334

    The email-newsletter plugin through 20.15 for WordPress has SQL injection.... Read more

    Affected Products : email-newsletter
    • EPSS Score: %0.61
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15490

    openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21.... Read more

    Affected Products : openitcockpit
    • EPSS Score: %0.51
    • Published: Aug. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-14968

    An issue was discovered in imcat 4.9. There is SQL Injection via the index.php order parameter in a mod=faqs action.... Read more

    Affected Products : imcat
    • EPSS Score: %0.26
    • Published: Aug. 12, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-10750

    deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using using a _proto_ payload.... Read more

    Affected Products : deeply
    • EPSS Score: %0.43
    • Published: Aug. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15537

    The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php.... Read more

    Affected Products : proxystatistics
    • EPSS Score: %0.26
    • Published: Aug. 23, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291871 Results