Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2014-10389

    The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication.... Read more

    • EPSS Score: %0.79
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-10388

    The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure.... Read more

    • EPSS Score: %0.25
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10387

    The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.... Read more

    • EPSS Score: %0.51
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10386

    The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.... Read more

    Affected Products : live_chat
    • EPSS Score: %0.19
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10385

    The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST.... Read more

    Affected Products : memphis_documents_library
    • EPSS Score: %0.19
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10384

    The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion.... Read more

    Affected Products : memphis_documents_library
    • EPSS Score: %0.91
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10383

    The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion.... Read more

    Affected Products : memphis_documents_library
    • EPSS Score: %1.55
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-10382

    The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment.... Read more

    Affected Products : featured_comments
    • EPSS Score: %0.10
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-10381

    The user-domain-whitelist plugin before 1.5 for WordPress has CSRF.... Read more

    Affected Products : user_domain_whitelist
    • EPSS Score: %0.11
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10380

    The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms.... Read more

    Affected Products : profile_builder
    • EPSS Score: %0.19
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10379

    The duplicate-post plugin before 2.6 for WordPress has SQL injection.... Read more

    Affected Products : duplicate_post
    • EPSS Score: %0.51
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10378

    The duplicate-post plugin before 2.6 for WordPress has XSS.... Read more

    Affected Products : duplicate_post
    • EPSS Score: %0.19
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10377

    The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php.... Read more

    Affected Products : cformsii
    • EPSS Score: %0.19
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10376

    The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.... Read more

    Affected Products : i_recommend_this
    • EPSS Score: %0.48
    • Published: Aug. 16, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10375

    handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header.... Read more

    Affected Products : exosip
    • EPSS Score: %0.35
    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-10374

    On Fitbit activity-tracker devices, certain addresses never change. According to the popets-2019-0036.pdf document, this leads to "permanent trackability" and "considerable privacy concerns" without a user-accessible anonymization feature. The devices, su... Read more

    Affected Products : charge_2_firmware charge_2
    • EPSS Score: %0.18
    • Published: Jul. 15, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-10079

    In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.... Read more

    Affected Products : storegrid
    • EPSS Score: %13.82
    • Published: Feb. 23, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10078

    Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php.... Read more

    Affected Products : storegrid
    • EPSS Score: %2.27
    • Published: Feb. 23, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10077

    Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash.... Read more

    Affected Products : debian_linux i18n
    • EPSS Score: %1.36
    • Published: Nov. 06, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10076

    The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack.... Read more

    Affected Products : wp-db-backup
    • EPSS Score: %0.57
    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291806 Results