Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2013-3941

    Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a ... Read more

    Affected Products : xnview
    • EPSS Score: %5.32
    • Published: Jan. 02, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2013-3939

    xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension err... Read more

    Affected Products : xnview
    • EPSS Score: %1.01
    • Published: Jan. 02, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2013-3937

    Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file.... Read more

    Affected Products : xnview
    • EPSS Score: %1.16
    • Published: Jan. 02, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-3936

    Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 and Opsview Core before 20130522 allow remote attackers to inject arbitrary web script or HTML.... Read more

    Affected Products : opsview opsview_core
    • EPSS Score: %0.28
    • Published: Jan. 02, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2013-3935

    Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.... Read more

    Affected Products : opsview opsview_core
    • EPSS Score: %0.13
    • Published: Jan. 02, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2013-3932

    SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administr... Read more

    Affected Products : jomres
    • EPSS Score: %1.34
    • Published: Jan. 02, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-3931

    Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to inject arbitrary web script or HTML via the property_name parameter, related... Read more

    Affected Products : jomres
    • EPSS Score: %0.26
    • Published: Jan. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-3738

    A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code.... Read more

    Affected Products : zabbix
    • EPSS Score: %2.86
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-3725

    Invision Power Board (IPB) through 3.x allows admin account takeover leading to code execution.... Read more

    Affected Products : invision_power_board
    • EPSS Score: %0.88
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2013-3722

    A Denial of Service (infinite loop) exists in OpenSIPS before 1.10 in lookup.c.... Read more

    Affected Products : opensips
    • EPSS Score: %0.33
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2013-3718

    evince is missing a check on number of pages which can lead to a segmentation fault... Read more

    • EPSS Score: %0.52
    • Published: Nov. 01, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2013-3703

    The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data.... Read more

    Affected Products : open_build_service
    • EPSS Score: %0.30
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2013-3691

    AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL.... Read more

    • EPSS Score: %6.73
    • Published: Dec. 11, 2019
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2013-3685

    A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privi... Read more

    Affected Products : spritebackup spritebud e971 e973 e975 e975k e975t e976 e977 f100k +35 more products
    • EPSS Score: %0.08
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-3684

    NextGEN Gallery plugin before 1.9.13 for WordPress: ngggallery.php file upload... Read more

    Affected Products : nextgen_gallery
    • EPSS Score: %44.66
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2013-3638

    SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'.... Read more

    Affected Products : dolphin
    • EPSS Score: %0.39
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-3637

    ProjectPier 0.8.8 does not use the Secure flag for cookies... Read more

    Affected Products : projectpier
    • EPSS Score: %0.18
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-3636

    ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag... Read more

    Affected Products : projectpier
    • EPSS Score: %0.24
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-3635

    ProjectPier 0.8.8 has stored XSS... Read more

    Affected Products : projectpier
    • EPSS Score: %0.18
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2013-3629

    ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution... Read more

    Affected Products : ispconfig
    • EPSS Score: %77.05
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291712 Results