Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2014-10399

    The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.... Read more

    Affected Products : cgilua
    • EPSS Score: %0.46
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10398

    Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client. Private Client (aka RBS BS-Client. Retail Client) 2.5, 2.4, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) DICT... Read more

    Affected Products : rbs_bs-client._retail_client
    • EPSS Score: %0.31
    • Published: Jan. 03, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10397

    The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php.... Read more

    Affected Products : antioch
    • EPSS Score: %1.15
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10396

    The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php.... Read more

    Affected Products : epic
    • EPSS Score: %1.15
    • Published: Sep. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10395

    The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list.... Read more

    Affected Products : polls_cp
    • EPSS Score: %0.19
    • Published: Aug. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10394

    The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header.... Read more

    Affected Products : rich_counter
    • EPSS Score: %0.19
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10393

    The cforms2 plugin before 10.5 for WordPress has XSS.... Read more

    Affected Products : cformsii
    • EPSS Score: %0.19
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10392

    The cforms2 plugin before 10.2 for WordPress has XSS.... Read more

    Affected Products : cformsii
    • EPSS Score: %0.28
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10391

    The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection.... Read more

    • EPSS Score: %0.19
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2014-10390

    The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.... Read more

    • EPSS Score: %0.52
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10389

    The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication.... Read more

    • EPSS Score: %0.79
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-10388

    The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure.... Read more

    • EPSS Score: %0.25
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10387

    The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.... Read more

    • EPSS Score: %0.51
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10386

    The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.... Read more

    Affected Products : live_chat
    • EPSS Score: %0.19
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10385

    The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST.... Read more

    Affected Products : memphis_documents_library
    • EPSS Score: %0.19
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10384

    The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion.... Read more

    Affected Products : memphis_documents_library
    • EPSS Score: %0.91
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10383

    The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion.... Read more

    Affected Products : memphis_documents_library
    • EPSS Score: %1.55
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-10382

    The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment.... Read more

    Affected Products : featured_comments
    • EPSS Score: %0.10
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-10381

    The user-domain-whitelist plugin before 1.5 for WordPress has CSRF.... Read more

    Affected Products : user_domain_whitelist
    • EPSS Score: %0.11
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10380

    The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms.... Read more

    Affected Products : profile_builder
    • EPSS Score: %0.19
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291756 Results