Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2013-2624

    Telean before 1.3.1 contains a full path disclosure vulnerability which could allow remote attackers to obtain sensitive information through a specially crafted URL request.... Read more

    Affected Products : telaen
    • EPSS Score: %9.40
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-2623

    Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the "f_email" parameter in index.php.... Read more

    Affected Products : telaen
    • EPSS Score: %2.63
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-2622

    Cross-site Scripting (XSS) in UebiMiau 2.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the "selected_theme" parameter in error.php.... Read more

    Affected Products : uebimiau
    • EPSS Score: %0.30
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-2621

    Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL.... Read more

    Affected Products : telaen
    • EPSS Score: %10.19
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-2612

    Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI.... Read more

    Affected Products : e587_firmware e587
    • EPSS Score: %5.72
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2013-2600

    MiniUPnPd has information disclosure use of snprintf()... Read more

    Affected Products : debian_linux miniupnpd
    • EPSS Score: %0.49
    • Published: Nov. 01, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2013-2574

    An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information.... Read more

    Affected Products : fi8620_firmware fi8620
    • EPSS Score: %30.51
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-2573

    A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code.... Read more

    • EPSS Score: %22.39
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2013-2572

    A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access ... Read more

    • EPSS Score: %49.29
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-2571

    Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer.... Read more

    Affected Products : xpient_iris
    • EPSS Score: %62.05
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-2570

    A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remove malicious user execute arbitrary code.... Read more

    • EPSS Score: %29.42
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2013-2569

    A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6.3 because the RTSP protocol authentication is disabled by default, which could let a malicious user obtain unauthorized access to the live video stream.... Read more

    • EPSS Score: %68.04
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-2568

    A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 via the ap parameter to /cgi-bin/mft/wireless_mft.cgi, which could let a remote malicious user execute arbitrary code.... Read more

    • EPSS Score: %57.51
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2013-2567

    An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information.... Read more

    • EPSS Score: %52.74
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2013-2565

    A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver.... Read more

    Affected Products : mambo_cms
    • EPSS Score: %0.26
    • Published: Feb. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2013-2516

    Vulnerability in FileUtils v0.7, Ruby Gem Fileutils <= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell.... Read more

    Affected Products : fileutils
    • EPSS Score: %2.38
    • Published: Feb. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-2513

    The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file.... Read more

    Affected Products : flash_tool
    • EPSS Score: %0.59
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-2512

    The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic.... Read more

    Affected Products : ftpd
    • EPSS Score: %2.84
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2013-2499

    SimpleHRM 2.3 and earlier could allow remote attackers to bypass the authentication process in 'user_manager.php' via spoofing a cookie.... Read more

    Affected Products : simplehrm
    • EPSS Score: %1.16
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2013-2474

    Directory traversal vulnerability in AWS XMS 2.5 allows remote attackers to view arbitrary files via the 'what' parameter.... Read more

    Affected Products : aws_xms
    • EPSS Score: %34.23
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291647 Results