Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2016-10936

    The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option.... Read more

    Affected Products : wp-polls
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10935

    The woocommerce-exporter plugin before 1.8.4 for WordPress has privilege escalation.... Read more

    Affected Products : store_exporter_for_woocommerce
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10934

    The check-email plugin before 0.5.2 for WordPress has XSS.... Read more

    Affected Products : check_email
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2016-10933

    An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP.... Read more

    Affected Products : portaudio
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2016-10932

    An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted.... Read more

    Affected Products : windows hyper
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2016-10931

    An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification.... Read more

    Affected Products : openssl rust-openssl
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10930

    The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number.... Read more

    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2016-10929

    The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in.... Read more

    Affected Products : advanced_ajax_page_loader
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10928

    The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users.... Read more

    Affected Products : onelogin_saml_sso
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2016-10927

    The nelio-ab-testing plugin before 4.5.11 for WordPress has SSRF in ajax/iesupport.php.... Read more

    Affected Products : nelio_ab_testing
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2016-10926

    The nelio-ab-testing plugin before 4.5.9 for WordPress has SSRF in ajax/iesupport.php.... Read more

    Affected Products : nelio_ab_testing
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10925

    The peters-login-redirect plugin before 2.9.1 for WordPress has XSS during the editing of redirect URLs.... Read more

    Affected Products : loginwp
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-10924

    The ebook-download plugin before 1.2 for WordPress has directory traversal.... Read more

    Affected Products : zedna_ebook_download
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10923

    The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation.... Read more

    Affected Products : store_toolkit_for_woocommerce
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10922

    The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation.... Read more

    Affected Products : store_toolkit_for_woocommerce
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10921

    The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection.... Read more

    Affected Products : photo_gallery
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10920

    The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS.... Read more

    Affected Products : gnucommerce
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-10919

    The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633.... Read more

    Affected Products : wassup_real_time_analytics
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-10918

    The gallery-by-supsystic plugin before 1.8.6 for WordPress has CSRF.... Read more

    Affected Products : photo_gallery
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-10917

    The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316.... Read more

    Affected Products : search_everything search_everything
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results