Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2013-4357

    The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.... Read more

    • Published: Dec. 31, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-4335

    opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities... Read more

    Affected Products : opopensocialplugin
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-4334

    opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities... Read more

    Affected Products : opwebapiplugin
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2013-4333

    OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability... Read more

    Affected Products : openpne
    • Published: Jan. 24, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-4318

    File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory.... Read more

    Affected Products : feature
    • Published: Dec. 26, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-4317

    In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.... Read more

    Affected Products : cloudstack
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-4303

    includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows ... Read more

    Affected Products : mediawiki
    • Published: Dec. 11, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2013-4280

    Insecure temporary file vulnerability in RedHat vsdm 4.9.6.... Read more

    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-4275

    Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to in... Read more

    Affected Products : zen
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-4267

    Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2) file name to the getTrustSizeOnFil... Read more

    Affected Products : pydio
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2013-4251

    The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories.... Read more

    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2013-4245

    Orca has arbitrary code execution due to insecure Python module load... Read more

    Affected Products : debian_linux orca
    • Published: Dec. 11, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2013-4241

    Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image, (3) url, or (4) testimonial parameter to the Testimon... Read more

    Affected Products : hms_testimonials
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2013-4235

    shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees... Read more

    • Published: Dec. 03, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-4228

    The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read ... Read more

    Affected Products : organic_groups
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2013-4227

    Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_token function in persona.module in the Mozilla Persona module 7.x-1.x before 7.x-1.11 for Drupal allows remote attackers to hijack the authentication of aribitrary users via a security t... Read more

    Affected Products : persona
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2013-4226

    The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via t... Read more

    Affected Products : authenticated_user_page_caching
    • Published: Feb. 18, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2013-4225

    The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "c... Read more

    Affected Products : restful_web_services
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2013-4211

    A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code... Read more

    Affected Products : openx
    • Published: Feb. 14, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2013-4209

    Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to obtain sensitive information about arbitrary files via vectors related to sha1sums.... Read more

    Affected Products : automatic_bug_reporting_tool
    • Published: May. 01, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293355 Results