Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2013-4318

    File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory.... Read more

    Affected Products : feature
    • EPSS Score: %0.24
    • Published: Dec. 26, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-4317

    In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.... Read more

    Affected Products : cloudstack
    • EPSS Score: %0.46
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-4303

    includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows ... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.60
    • Published: Dec. 11, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2013-4280

    Insecure temporary file vulnerability in RedHat vsdm 4.9.6.... Read more

    • EPSS Score: %0.13
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-4275

    Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to in... Read more

    Affected Products : zen
    • EPSS Score: %0.41
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-4267

    Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2) file name to the getTrustSizeOnFil... Read more

    Affected Products : pydio
    • EPSS Score: %7.06
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2013-4251

    The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.... Read more

    • EPSS Score: %0.09
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2013-4245

    Orca has arbitrary code execution due to insecure Python module load... Read more

    Affected Products : debian_linux orca
    • EPSS Score: %0.15
    • Published: Dec. 11, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-4241

    Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image, (3) url, or (4) testimonial parameter to the Testimon... Read more

    Affected Products : hms_testimonials
    • EPSS Score: %0.52
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2013-4235

    shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees... Read more

    • EPSS Score: %0.06
    • Published: Dec. 03, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-4228

    The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read ... Read more

    Affected Products : organic_groups
    • EPSS Score: %0.23
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2013-4227

    Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of aribitrary users via a security t... Read more

    Affected Products : persona
    • EPSS Score: %0.20
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2013-4226

    The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via t... Read more

    Affected Products : authenticated_user_page_caching
    • EPSS Score: %0.24
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2013-4225

    The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "c... Read more

    Affected Products : restful_web_services
    • EPSS Score: %0.55
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-4211

    A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code... Read more

    Affected Products : openx
    • EPSS Score: %88.60
    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2013-4209

    Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums.... Read more

    Affected Products : automatic_bug_reporting_tool
    • EPSS Score: %0.04
    • Published: May. 01, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-4201

    Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions.... Read more

    Affected Products : subscription_asset_manager katello
    • EPSS Score: %0.12
    • Published: May. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2013-4187

    The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias to a restricted node.... Read more

    Affected Products : flippy
    • EPSS Score: %0.68
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2013-4184

    Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks... Read more

    Affected Products : debian_linux \
    • EPSS Score: %0.04
    • Published: Dec. 10, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2013-4176

    mysecureshell 1.31: Local Information Disclosure Vulnerability... Read more

    Affected Products : mysecureshell
    • EPSS Score: %0.06
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291722 Results