Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2013-2016

    A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this ... Read more

    • EPSS Score: %0.07
    • Published: Dec. 30, 2019
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2013-2012

    autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory.... Read more

    Affected Products : debian_linux autojump
    • EPSS Score: %0.10
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2013-2011

    WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009.... Read more

    Affected Products : w3_super_cache
    • EPSS Score: %5.91
    • Published: Dec. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-2010

    WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability... Read more

    Affected Products : w3_total_cache wp_super_cache
    • EPSS Score: %83.16
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2013-2009

    WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution... Read more

    Affected Products : wp_super_cache
    • EPSS Score: %26.01
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-2008

    WordPress Super Cache Plugin 1.3 has XSS.... Read more

    Affected Products : wp_super_cache
    • EPSS Score: %0.26
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-20004

    A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker could create a denial of service state by trying to connect a non-existent target multiple times. Th... Read more

    Affected Products : iscsi_san
    • EPSS Score: %0.47
    • Published: Feb. 06, 2022
    • Modified: Nov. 21, 2024

  • 8.3

    HIGH
    CVE-2013-20003

    Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic.... Read more

    • EPSS Score: %0.14
    • Published: Feb. 04, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-20002

    Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file.... Read more

    Affected Products : framework
    • EPSS Score: %2.80
    • Published: Jun. 17, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2013-20001

    An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the configurati... Read more

    Affected Products : openzfs
    • EPSS Score: %0.17
    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-1951

    A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names.... Read more

    Affected Products : linux_kernel debian_linux mediawiki
    • EPSS Score: %1.78
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2013-1945

    ruby193 uses an insecure LD_LIBRARY_PATH setting.... Read more

    Affected Products : ruby193
    • EPSS Score: %0.11
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-1938

    Zimbra 2013 has XSS in aspell.php... Read more

    Affected Products : zimbra
    • EPSS Score: %2.28
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-1934

    A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.... Read more

    Affected Products : debian_linux mantisbt
    • EPSS Score: %0.35
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-1932

    A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name.... Read more

    Affected Products : mantisbt
    • EPSS Score: %0.69
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-1931

    A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version.... Read more

    Affected Products : fedora mantisbt
    • EPSS Score: %1.43
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-1930

    MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues.... Read more

    Affected Products : fedora mantisbt
    • EPSS Score: %0.70
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2013-1924

    Commerce Skrill (Formerly Moneybookers) has an Access bypass vulnerability in all versions prior to 7.x-1.2... Read more

    Affected Products : commerce_skrill
    • EPSS Score: %0.24
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2013-1916

    In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved.... Read more

    Affected Products : user_photo
    • EPSS Score: %26.48
    • Published: Jun. 24, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-1910

    yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository.... Read more

    Affected Products : debian_linux yum
    • EPSS Score: %0.85
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291728 Results