Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2013-7478

    The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post.... Read more

    Affected Products : events_manager events_manager
    • EPSS Score: %0.19
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-7477

    The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form.... Read more

    Affected Products : events_manager events_manager
    • EPSS Score: %0.19
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2013-7476

    The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface.... Read more

    Affected Products : simple_fields
    • EPSS Score: %0.09
    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-7475

    The contact-form-plugin plugin before 3.52 for WordPress has XSS.... Read more

    Affected Products : contact_form
    • EPSS Score: %0.19
    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-7474

    Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users.... Read more

    Affected Products : windu_cms
    • EPSS Score: %0.24
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2013-7473

    Windu CMS 2.2 allows CSRF via admin/users/?mn=admin.message.error to add an admin account.... Read more

    Affected Products : windu_cms
    • EPSS Score: %0.14
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-7472

    The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.... Read more

    Affected Products : count_per_day
    • EPSS Score: %0.44
    • Published: Jun. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-7471

    An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters in the NewInternalClient, ... Read more

    • EPSS Score: %35.76
    • Published: Jun. 11, 2019
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2013-7470

    cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013... Read more

    Affected Products : linux_kernel
    • EPSS Score: %1.27
    • Published: Apr. 23, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2013-7469

    Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.... Read more

    Affected Products : seafile
    • EPSS Score: %0.19
    • Published: Feb. 21, 2019
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2013-7468

    Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.... Read more

    Affected Products : simple_machines_forum
    • EPSS Score: %0.49
    • Published: Mar. 07, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-7467

    Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.... Read more

    Affected Products : simple_machines_forum
    • EPSS Score: %0.24
    • Published: Mar. 07, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2013-7466

    Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.... Read more

    Affected Products : simple_machines_forum
    • EPSS Score: %1.94
    • Published: Mar. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-7465

    Ice Cold Apps Servers Ultimate 6.0.2(12) does not require authentication for TELNET, SSH, or FTP, which allows remote attackers to execute arbitrary code by uploading PHP scripts.... Read more

    Affected Products : servers_ultimate
    • EPSS Score: %9.24
    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2013-7464

    In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used.... Read more

    Affected Products : csrf-magic
    • EPSS Score: %0.19
    • Published: Aug. 08, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2013-7435

    The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.... Read more

    Affected Products : evergreen
    • EPSS Score: %0.19
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-7390

    Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct requ... Read more

    Affected Products : manageengine_desktop_central
    • EPSS Score: %66.78
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-7381

    libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.... Read more

    Affected Products : libnotify
    • EPSS Score: %2.01
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-7380

    The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability... Read more

    Affected Products : ep_imageconvert
    • EPSS Score: %1.62
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-7378

    scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands.... Read more

    Affected Products : hubot_scripts
    • EPSS Score: %2.01
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291739 Results