| CVE-2013-6320 | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6300, CVE-2013-6301, and CVE-2013-6333. | medium | 2026-04-29 |
| CVE-2013-6319 | IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to bypass intended access restrictions and read content via unspecified vectors. | medium | 2026-04-29 |
| CVE-2013-6318 | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | medium | 2026-04-29 |
| CVE-2013-6316 | IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a Web Content Manager (WCM) context processor. | medium | 2026-04-29 |
| CVE-2013-6312 | Unspecified vulnerability in IBM Rational Service Tester 8.3.x and 8.5.x before 8.5.1 and Rational Performance Tester 8.3.x and 8.5.x before 8.5.1 allows remote attackers to read arbitrary files via unknown vectors. | high | 2026-04-29 |
| CVE-2013-6307 | Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | medium | 2026-04-29 |
| CVE-2013-6305 | IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build 229073 uses the same credentials encryption key across different customers' installations, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging knowledge of this key. | medium | 2026-04-29 |
| CVE-2013-6303 | Directory traversal vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to read arbitrary files via unspecified vectors. | medium | 2026-04-29 |
| CVE-2013-6302 | SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6331. | high | 2026-04-29 |
| CVE-2013-6301 | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6300, CVE-2013-6320, and CVE-2013-6333. | medium | 2026-04-29 |
| CVE-2013-6300 | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6301, CVE-2013-6320, and CVE-2013-6333. | medium | 2026-04-29 |
| CVE-2013-6299 | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6300, CVE-2013-6301, CVE-2013-6320, and CVE-2013-6333. | medium | 2026-04-29 |
| CVE-2013-6289 | Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | medium | 2026-04-29 |
| CVE-2013-6288 | Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize." | critical | 2026-04-29 |
| CVE-2013-6285 | The search component in the Treasurer application in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to obtain sensitive query-structure information via an invalid search request, a different vulnerability than CVE-2013-6020. | medium | 2026-04-29 |
| CVE-2013-6284 | Unspecified vulnerability in the Statutory Reporting for Insurance (FS_SR) component in the Financial Services module for SAP ERP Central Component (ECC) allows attackers to execute arbitrary code via unspecified vectors, related to a "code injection vulnerability." | critical | 2026-04-29 |
| CVE-2013-6283 | VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file. | critical | 2026-04-29 |
| CVE-2013-6281 | Cross-site scripting (XSS) vulnerability in codebase/spreadsheet.php in the Spreadsheet (dhtmlxSpreadsheet) plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "page" parameter. | medium | 2026-04-29 |
| CVE-2013-6280 | Cross-site scripting (XSS) vulnerability in Social Sharing Toolkit plugin before 2.1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | medium | 2026-04-29 |
| CVE-2013-6271 | Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORD_QUALITY_UNSPECIFIED option. | critical | 2026-04-29 |
| CVE-2013-6267 | Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, cidToEdit parameter to (2) adminregisteruser.php or (3) admin_user_course_settings.php in admin/, (4) module_id parameter to admin/module/module.php, or (5) offset parameter to admin/right/profile_list.php. | medium | 2026-04-29 |
| CVE-2013-6246 | The Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information (user's full name) by sending a login request with a valid domain and username but without the CaptchaType, UseCaptchaEveryTime, and CaptchaResponse parameters. | critical | 2026-04-29 |
| CVE-2013-6245 | Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors. | high | 2026-04-29 |
| CVE-2013-6244 | The Live Update webdynpro application (webdynpro/dispatcher/sap.com/tc~slm~ui_lup/LUP) in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | high | 2026-04-29 |
| CVE-2013-6243 | SQL injection vulnerability in the Landing Pages plugin 1.2.3, before 20131009, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the "post" parameter to index.php. | critical | 2026-04-29 |
| CVE-2013-6237 | The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 and earlier allows remote authenticated users to obtain sensitive information by pasting the clipboard contents that have been copied by another user in the session. | medium | 2026-04-29 |
| CVE-2013-6235 | Multiple cross-site scripting (XSS) vulnerabilities in JAMon (Java Application Monitor) 2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listenertype or (2) currentlistener parameter to mondetail.jsp or ArraySQL parameter to (3) mondetail.jsp, (4) jamonadmin.jsp, (5) sql.jsp, or (6) exceptions.jsp. | medium | 2026-04-29 |
| CVE-2013-6230 | The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIO_GET_INTERFACE_LIST command for netmask 255.255.255.255, which allows remote attackers to bypass intended IP address restrictions by leveraging misinterpretation of this netmask as a 0.0.0.0 netmask. | high | 2026-04-29 |
| CVE-2013-6229 | Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585. | medium | 2026-04-29 |
| CVE-2013-6226 | Directory traversal vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to read or delete arbitrary files via unspecified vectors. | critical | 2026-04-29 |
| CVE-2013-6224 | Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) unspecified vectors to the admins visitor information panel, or (3) a text message in a chat session, which is saved in the archive section. | medium | 2026-04-29 |
| CVE-2013-6204 | The Web Console in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, 7.0, and 7.1 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, aka ZDI-CAN-2004. | critical | 2026-04-29 |
| CVE-2013-6203 | The Web Console in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, 7.0, and 7.1 allows remote attackers to execute arbitrary code or obtain sensitive information via unspecified vectors, aka ZDI-CAN-1656. | critical | 2026-04-29 |
| CVE-2013-6202 | Multiple cross-site request forgery (CSRF) vulnerabilities in HP Service Manager 9.30, 9.31, 9.32, and 9.33 allow remote attackers to hijack the authentication of unspecified victims for requests that (1) insert XSS sequences or (2) execute arbitrary code. | high | 2026-04-29 |
| CVE-2013-6198 | Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | medium | 2026-04-29 |
| CVE-2013-6197 | Unspecified vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated users to execute arbitrary code via unknown vectors. | high | 2026-04-29 |
| CVE-2013-6196 | Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | medium | 2026-04-29 |
| CVE-2013-6195 | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-2008. | critical | 2026-04-29 |
| CVE-2013-6194 | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905. | critical | 2026-04-29 |
| CVE-2013-6193 | Unspecified vulnerability on HP LaserJet M1522n and M2727; LaserJet Pro 100, 300, 400, CM1415fnw, CP1*, M121*, M1536dnf, and P1*; Color LaserJet CM* and CP*; and TopShot LaserJet Pro M275 printers allows remote attackers to cause a denial of service via unknown vectors. | high | 2026-04-29 |
| CVE-2013-6192 | Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration before 9 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | high | 2026-04-29 |
| CVE-2013-6191 | Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | medium | 2026-04-29 |
| CVE-2013-6189 | Unspecified vulnerability in the Archive Query Server in HP Application Information Optimizer (formerly HP Database Archiving) 6.2, 6.3, 6.4, and 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1666. | critical | 2026-04-29 |
| CVE-2013-6182 | Unquoted Windows search path vulnerability in EMC Replication Manager before 5.5 allows local users to gain privileges via a crafted application in a parent directory of an intended directory. | high | 2026-04-29 |
| CVE-2013-6181 | EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges. | medium | 2026-04-29 |
| CVE-2013-6180 | EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent. | critical | 2026-04-29 |
| CVE-2013-6178 | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | medium | 2026-04-29 |
| CVE-2013-6177 | Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access. | medium | 2026-04-29 |
| CVE-2013-6176 | Multiple SQL injection vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote authenticated users to execute arbitrary SQL commands via unspecified input to a (1) xAdmin or (2) xDashboard form. | high | 2026-04-29 |
| CVE-2013-6175 | Multiple cross-site scripting (XSS) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to inject arbitrary web script or HTML via unspecified input to a (1) xAdmin or (2) xDashboard form. | medium | 2026-04-29 |
