Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2018-21007

    The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to supportive xl folders inside uploads.... Read more

    • EPSS Score: %0.71
    • Published: Aug. 29, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15780

    The formidable plugin before 4.02.01 for WordPress has unsafe deserialization.... Read more

    Affected Products : formidable_form_builder formidable
    • EPSS Score: %1.10
    • Published: Aug. 29, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15783

    Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc.... Read more

    Affected Products : lute-tab
    • EPSS Score: %0.46
    • Published: Aug. 29, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15824

    The wps-hide-login plugin before 1.5.3 for WordPress has an adminhash protection bypass.... Read more

    Affected Products : wps_hide_login
    • EPSS Score: %1.02
    • Published: Aug. 30, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15826

    The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field.... Read more

    Affected Products : wps_hide_login
    • EPSS Score: %1.12
    • Published: Aug. 30, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-10709

    AsusPTPFilter.sys on Asus Precision TouchPad 11.0.0.25 hardware has a Pool Overflow associated with the \\.\AsusTP device, leading to a DoS or potentially privilege escalation via a crafted DeviceIoControl call.... Read more

    Affected Products : precision_touchpad
    • EPSS Score: %9.69
    • Published: Sep. 04, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-13976

    eGain Chat 15.0.3 allows unrestricted file upload.... Read more

    Affected Products : chat
    • EPSS Score: %0.43
    • Published: Sep. 04, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-13188

    In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application.... Read more

    Affected Products : knowage
    • EPSS Score: %3.70
    • Published: Sep. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-14222

    An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present ... Read more

    Affected Products : alfresco
    • EPSS Score: %2.14
    • Published: Sep. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16102

    Silver Peak EdgeConnect SD-WAN before 8.1.7.x has an SNMP service with a public value for rocommunity and trapcommunity.... Read more

    • EPSS Score: %0.43
    • Published: Sep. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16125

    In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection.... Read more

    Affected Products : jobberbase
    • EPSS Score: %0.62
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16139

    An issue was discovered in the compact_arena crate before 0.4.0 for Rust. Generativity is mishandled, leading to an out-of-bounds write or read.... Read more

    Affected Products : compact_arena
    • EPSS Score: %0.38
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16143

    An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes.... Read more

    Affected Products : blake2-rust blake2
    • EPSS Score: %0.20
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-21013

    The Swape theme before 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php.... Read more

    Affected Products : swape
    • EPSS Score: %0.80
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-15102

    An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner_Non_distributed (and distributed end points) does not have any authentication mechanism. This allow an attacker to execute an arbitrary script on the remote Sahi Pro server. There is a... Read more

    Affected Products : sahi_pro
    • EPSS Score: %4.54
    • Published: Sep. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-10665

    An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some... Read more

    Affected Products : librenms
    • EPSS Score: %0.00
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16190

    SharePort Web Access on D-Link DIR-868L REVB through 2.03, DIR-885L REVA through 1.20, and DIR-895L REVA through 1.21 devices allows Authentication Bypass, as demonstrated by a direct request to folder_view.php or category_view.php.... Read more

    • EPSS Score: %0.90
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-16184

    A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file.... Read more

    Affected Products : limesurvey
    • EPSS Score: %0.69
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2019-12405

    Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate... Read more

    Affected Products : traffic_control
    • EPSS Score: %1.17
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18605

    The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection.... Read more

    Affected Products : gravitate_qa_tracker
    • EPSS Score: %1.26
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292110 Results