Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2013-4410

    ReviewBoard: has an access-control problem in REST API... Read more

    Affected Products : fedora reviewboard
    • EPSS Score: %0.97
    • Published: Dec. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-4409

    An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests.... Read more

    • EPSS Score: %1.17
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-4395

    Simple Machines Forum (SMF) through 2.0.5 has XSS... Read more

    Affected Products : simple_machines_forum
    • EPSS Score: %0.27
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2013-4374

    An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files.... Read more

    • EPSS Score: %0.10
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2013-4367

    ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'.... Read more

    Affected Products : linux_kernel ovirt-engine ovirt-engine
    • EPSS Score: %0.10
    • Published: Nov. 01, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2013-4364

    (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.... Read more

    Affected Products : openshift openshift
    • EPSS Score: %0.03
    • Published: Jan. 08, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2013-4357

    The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.... Read more

    • EPSS Score: %1.16
    • Published: Dec. 31, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-4335

    opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities... Read more

    Affected Products : opopensocialplugin
    • EPSS Score: %2.10
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-4334

    opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities... Read more

    Affected Products : opwebapiplugin
    • EPSS Score: %0.36
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2013-4333

    OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability... Read more

    Affected Products : openpne
    • EPSS Score: %2.16
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-4318

    File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory.... Read more

    Affected Products : feature
    • EPSS Score: %0.24
    • Published: Dec. 26, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-4317

    In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.... Read more

    Affected Products : cloudstack
    • EPSS Score: %0.46
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-4303

    includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows ... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.60
    • Published: Dec. 11, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2013-4280

    Insecure temporary file vulnerability in RedHat vsdm 4.9.6.... Read more

    • EPSS Score: %0.13
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-4275

    Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to in... Read more

    Affected Products : zen
    • EPSS Score: %0.41
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-4267

    Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2) file name to the getTrustSizeOnFil... Read more

    Affected Products : pydio
    • EPSS Score: %7.06
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2013-4251

    The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.... Read more

    • EPSS Score: %0.09
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2013-4245

    Orca has arbitrary code execution due to insecure Python module load... Read more

    Affected Products : debian_linux orca
    • EPSS Score: %0.15
    • Published: Dec. 11, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-4241

    Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image, (3) url, or (4) testimonial parameter to the Testimon... Read more

    Affected Products : hms_testimonials
    • EPSS Score: %0.52
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2013-4235

    shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees... Read more

    • EPSS Score: %0.06
    • Published: Dec. 03, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291712 Results