2013 CVEs
6830 CVEs published in 2013. 156 critical, 269 high.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2013-3542 | Critical | 10.0 | 2019-12-11 | Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models w… |
| CVE-2013-3960 | Critical | 9.9 | 2020-01-24 | Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass |
| CVE-2013-10069 | Critical | 9.8 | 2025-08-05 | The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vu… |
| CVE-2013-10051 | Critical | 9.8 | 2025-08-01 | A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically… |
| CVE-2013-10048 | Critical | 9.8 | 2025-08-01 | An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)… |
| CVE-2013-10042 | Critical | 9.8 | 2025-07-31 | A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a spe… |
| CVE-2013-10040 | Critical | 9.8 | 2025-07-31 | ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoi… |
| CVE-2013-2513 | Critical | 9.8 | 2023-12-12 | The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file. |
| CVE-2013-4144 | Critical | 9.8 | 2022-06-30 | There is an object injection vulnerability in swfupload plugin for wordpress. |
| CVE-2013-20004 | Critical | 9.8 | 2022-02-06 | A flaw was found in StarWind iSCSI target. StarWind service does not limit client connections and allocates memory on each connection attempt. An attacker coul… |
| CVE-2013-6276 | Critical | 9.8 | 2021-08-09 | QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model wa… |
| CVE-2013-20002 | Critical | 9.8 | 2021-06-17 | Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax… |
| CVE-2013-2512 | Critical | 9.8 | 2021-01-26 | The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP pro… |
| CVE-2013-7487 | Critical | 9.8 | 2020-03-21 | On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to “system”, which allows remote attackers to execute arb… |
| CVE-2013-2018 | Critical | 9.8 | 2020-02-20 | Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-6295 | Critical | 9.8 | 2020-02-18 | PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module |
| CVE-2013-3323 | Critical | 9.8 | 2020-02-18 | A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure… |
| CVE-2013-3738 | Critical | 9.8 | 2020-02-17 | A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user… |
| CVE-2013-4211 | Critical | 9.8 | 2020-02-14 | A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user e… |
| CVE-2013-7287 | Critical | 9.8 | 2020-02-13 | MobileIron VSP < 5.9.1 and Sentry < 5.0 has an insecure encryption scheme. |