Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-18495

    The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress has XSS.... Read more

    Affected Products : gravity_forms
    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18494

    The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues.... Read more

    Affected Products : custom_search
    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18493

    The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues.... Read more

    Affected Products : custom_admin_page
    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18492

    The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues.... Read more

    Affected Products : contact_form_to_db
    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18491

    The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues.... Read more

    Affected Products : contact_form
    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18490

    The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues.... Read more

    Affected Products : contact_form_multi
    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18489

    The contact-form-7-sms-addon plugin before 2.4.0 for WordPress has XSS.... Read more

    Affected Products : contact_form_7_-_clockwork_sms
    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18488

    The Backup Guard plugin before 1.1.47 for WordPress has multiple XSS issues.... Read more

    Affected Products : backup_guard
    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18487

    The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPress has multiple XSS issues.... Read more

    Affected Products : google_adsense
    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2017-18486

    Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the sh... Read more

    Affected Products : helpdesk
    • Published: Aug. 09, 2019
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2017-18485

    Cognitoys Dino devices allow profiles_add.html CSRF.... Read more

    • Published: Aug. 08, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18484

    Cognitoys Dino devices allow XSS via the SSID.... Read more

    • Published: Aug. 08, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18483

    ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a crafted SSID.... Read more

    Affected Products : sp1_firmware sp1
    • Published: Aug. 07, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18482

    cPanel before 62.0.4 allows resellers to use the WHM enqueue_transfer_item API for queueing non-rearrange modules (SEC-213).... Read more

    Affected Products : cpanel
    • Published: Aug. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-18481

    cPanel before 62.0.4 allows stored XSS in the WHM Account Suspension List interface (SEC-211).... Read more

    Affected Products : cpanel
    • Published: Aug. 05, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18480

    cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210).... Read more

    Affected Products : cpanel
    • Published: Aug. 05, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18479

    In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).... Read more

    Affected Products : cpanel
    • Published: Aug. 05, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18478

    In cPanel before 62.0.4 incorrect ACL checks could occur in xml-api for Rearrange Account actions (SEC-207).... Read more

    Affected Products : cpanel
    • Published: Aug. 05, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18477

    In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206).... Read more

    Affected Products : cpanel
    • Published: Aug. 05, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18476

    Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205).... Read more

    Affected Products : cpanel
    • Published: Aug. 05, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293284 Results