Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2013-7467

    Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.... Read more

    Affected Products : simple_machines_forum
    • Published: Mar. 07, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2013-7466

    Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present after installation.... Read more

    Affected Products : simple_machines_forum
    • Published: Mar. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-7465

    Ice Cold Apps Servers Ultimate 6.0.2(12) does not require authentication for TELNET, SSH, or FTP, which allows remote attackers to execute arbitrary code by uploading PHP scripts.... Read more

    Affected Products : servers_ultimate
    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2013-7464

    In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used.... Read more

    Affected Products : csrf-magic
    • Published: Aug. 08, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2013-7435

    The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user permission for retrieval in fm_IDL.xml.... Read more

    Affected Products : evergreen
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-7390

    Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct requ... Read more

    Affected Products : manageengine_desktop_central
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-7381

    libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.... Read more

    Affected Products : libnotify
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-7380

    The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability... Read more

    Affected Products : ep_imageconvert
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-7378

    scripts/email.coffee in the Hubot Scripts module before 2.4.4 for Node.js allows remote attackers to execute arbitrary commands.... Read more

    Affected Products : hubot_scripts
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-7371

    node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370)... Read more

    Affected Products : debian_linux connect
    • Published: Dec. 11, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-7370

    node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware... Read more

    Affected Products : debian_linux openshift opensuse connect
    • Published: Dec. 11, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-7351

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile functio... Read more

    Affected Products : shaarli
    • Published: Jan. 02, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2013-7333

    A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually de... Read more

    Affected Products : open_sdn_controller
    • Published: Oct. 23, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2013-7325

    An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball.... Read more

    Affected Products : debian_linux devscripts
    • Published: Dec. 03, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2013-7324

    Webkit-GTK 2.x (any version with HTML5 audio/video support based on GStreamer) allows remote attackers to trigger unexpectedly high sound volume via malicious javascript. NOTE: this WebKit-GTK behavior complies with existing W3C standards and existing pra... Read more

    Affected Products : webkitgtk
    • Published: Feb. 17, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-7287

    MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme.... Read more

    Affected Products : sentry virtual_smartphone_platform
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2013-7286

    MobileIron VSP < 5.9.1 and Sentry < 5.0 has a weak password obfuscation algorithm... Read more

    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2013-7245

    The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859.... Read more

    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2013-7203

    gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup.... Read more

    Affected Products : gitolite
    • Published: Sep. 21, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2013-7202

    The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system.... Read more

    Affected Products : paypal
    • Published: Apr. 27, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293284 Results