Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2017-18604

    The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request.... Read more

    Affected Products : sitebuilder_dynamic_components
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18603

    The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postman_email_log page parameter.... Read more

    Affected Products : postman-smtp
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-18602

    The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter.... Read more

    Affected Products : ibps_online_exam
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-18601

    The examapp plugin 1.0 for WordPress has XSS via exam input text fields.... Read more

    Affected Products : ibps_online_exam
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-18600

    The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field.... Read more

    Affected Products : formcraft
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18599

    The Pinfinity theme before 2.0 for WordPress has XSS via the s parameter.... Read more

    Affected Products : pinfinity
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18598

    The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php.... Read more

    Affected Products : qards
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-18597

    The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter.... Read more

    Affected Products : jtrt_responsive_tables
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-18596

    The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions.... Read more

    Affected Products : elementor_page_builder elementor
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-18595

    An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.... Read more

    Affected Products : linux_kernel leap
    • Published: Sep. 04, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18594

    nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse.... Read more

    Affected Products : nmap
    • Published: Aug. 29, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18593

    The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file.... Read more

    Affected Products : updraftplus
    • Published: Aug. 28, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18592

    The woocommerce-catalog-enquiry plugin before 3.1.0 for WordPress has an incorrect wp_upload directory for file uploads.... Read more

    Affected Products : wc_catalog_enquiry
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18590

    The timesheet plugin before 0.1.5 for WordPress has multiple XSS issues.... Read more

    Affected Products : timesheet
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18589

    An issue was discovered in the cookie crate before 0.7.6 for Rust. Large integers in the Max-Age of a cookie cause a panic.... Read more

    Affected Products : cookie
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-18588

    An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates.... Read more

    Affected Products : security-framework
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-18587

    An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers.... Read more

    Affected Products : hyper
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2017-18586

    The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths.... Read more

    Affected Products : insert_pages
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2017-18585

    The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal.... Read more

    Affected Products : posts_in_page
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18584

    The post-pay-counter plugin before 2.731 for WordPress has no permissions check for an update-settinga action.... Read more

    Affected Products : post_pay_counter post_pay_counter
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293349 Results