Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2014-10391

    The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection.... Read more

    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2014-10390

    The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal.... Read more

    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10389

    The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication.... Read more

    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-10388

    The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure.... Read more

    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10387

    The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection.... Read more

    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10386

    The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections.... Read more

    Affected Products : live_chat
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10385

    The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST.... Read more

    Affected Products : memphis_documents_library
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10384

    The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion.... Read more

    Affected Products : memphis_documents_library
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10383

    The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion.... Read more

    Affected Products : memphis_documents_library
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-10382

    The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment.... Read more

    Affected Products : featured_comments
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2014-10381

    The user-domain-whitelist plugin before 1.5 for WordPress has CSRF.... Read more

    Affected Products : user_domain_whitelist
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10380

    The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms.... Read more

    Affected Products : profile_builder
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10379

    The duplicate-post plugin before 2.6 for WordPress has SQL injection.... Read more

    Affected Products : duplicate_post
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10378

    The duplicate-post plugin before 2.6 for WordPress has XSS.... Read more

    Affected Products : duplicate_post
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10377

    The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php.... Read more

    Affected Products : cformsii
    • Published: Aug. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-10376

    The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.... Read more

    Affected Products : i_recommend_this
    • Published: Aug. 16, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2014-10375

    handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header.... Read more

    Affected Products : exosip
    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2014-10374

    On Fitbit activity-tracker devices, certain addresses never change. According to the popets-2019-0036.pdf document, this leads to "permanent trackability" and "considerable privacy concerns" without a user-accessible anonymization feature. The devices, su... Read more

    Affected Products : charge_2_firmware charge_2
    • Published: Jul. 15, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2014-10079

    In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.... Read more

    Affected Products : storegrid
    • Published: Feb. 23, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2014-10078

    Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php.... Read more

    Affected Products : storegrid
    • Published: Feb. 23, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293304 Results