Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.3

    HIGH
    CVE-2013-4245

    Orca has arbitrary code execution due to insecure Python module load... Read more

    Affected Products : debian_linux orca
    • Published: Dec. 11, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-4241

    Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image, (3) url, or (4) testimonial parameter to the Testimon... Read more

    Affected Products : hms_testimonials
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2013-4235

    shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees... Read more

    • Published: Dec. 03, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-4228

    The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read ... Read more

    Affected Products : organic_groups
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2013-4227

    Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of aribitrary users via a security t... Read more

    Affected Products : persona
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2013-4226

    The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via t... Read more

    Affected Products : authenticated_user_page_caching
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2013-4225

    The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "c... Read more

    Affected Products : restful_web_services
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-4211

    A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code... Read more

    Affected Products : openx
    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2013-4209

    Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums.... Read more

    Affected Products : automatic_bug_reporting_tool
    • Published: May. 01, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-4201

    Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions.... Read more

    Affected Products : subscription_asset_manager katello
    • Published: May. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2013-4187

    The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias to a restricted node.... Read more

    Affected Products : flippy
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2013-4184

    Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks... Read more

    Affected Products : debian_linux \
    • Published: Dec. 10, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2013-4176

    mysecureshell 1.31: Local Information Disclosure Vulnerability... Read more

    Affected Products : mysecureshell
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2013-4175

    MySecureShell 1.31 has a Local Denial of Service Vulnerability... Read more

    Affected Products : mysecureshell
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-4170

    In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if ... Read more

    Affected Products : ember.js
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-4168

    Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields.... Read more

    Affected Products : fedora debian_linux smokeping
    • Published: Nov. 01, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2013-4166

    The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email encryption, which might cause the email to be encrypted ... Read more

    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2013-4161

    gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue.... Read more

    Affected Products : fedora gksu-polkit
    • Published: Dec. 31, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-4158

    smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790)... Read more

    Affected Products : fedora debian_linux smokeping
    • Published: Dec. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-4144

    There is an object injection vulnerability in swfupload plugin for wordpress.... Read more

    Affected Products : swfupload
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292907 Results