Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2017-18635

    An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.

    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-18634

    The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php.

    Affected Products : newspaper
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2017-18615

    The kama-clic-counter plugin before 3.5.0 for WordPress has XSS.

    Affected Products : kama_click_counter
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2017-18614

    The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter.

    Affected Products : kama_click_counter
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2017-18613

    The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter.

    Affected Products : trust_form
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2017-18612

    The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter.

    Affected Products : wp-whois-domain
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2017-18611

    The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-field-css parameter.

    Affected Products : magic_fields
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2017-18610

    The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-group-id parameter.

    Affected Products : magic_fields
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2017-18609

    The magic-fields plugin before 1.7.2 for WordPress has XSS via the custom-write-panel-id parameter.

    Affected Products : magic_fields
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2017-18608

    The spotim-comments plugin before 4.0.4 for WordPress has multiple XSS issues.

    Affected Products : spot.im_comments
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-18607

    The avada theme before 5.1.5 for WordPress has CSRF.

    Affected Products : avada
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2017-18606

    The avada theme before 5.1.5 for WordPress has stored XSS.

    Affected Products : avada
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-18605

    The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection.

    Affected Products : gravitate_qa_tracker
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-18604

    The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request.

    Affected Products : sitebuilder_dynamic_components
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2017-18603

    The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postman_email_log page parameter.

    Affected Products : postman-smtp
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-18602

    The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter.

    Affected Products : ibps_online_exam
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-18601

    The examapp plugin 1.0 for WordPress has XSS via exam input text fields.

    Affected Products : ibps_online_exam
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-18600

    The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field.

    Affected Products : formcraft
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2017-18599

    The Pinfinity theme before 2.0 for WordPress has XSS via the s parameter.

    Affected Products : pinfinity
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2017-18598

    The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php.

    Affected Products : qards
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293284 Results