Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2018-10718

    Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 before 2018-04-26 allows remote attackers to execute arbitrary code via crafted packets.... Read more

    Affected Products : call_of_duty_modern_warfare_2
    • Published: May. 03, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10717

    The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly... Read more

    Affected Products : ngiflib
    • Published: May. 03, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-10716

    An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because WM_CLOSE is not properly consider... Read more

    Affected Products : 2345_security_guard
    • Published: May. 03, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10713

    An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read <node_name>' function and cause memory corrupti... Read more

    • Published: May. 03, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10712

    The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read/write data from/to IO ports. This could be leverage... Read more

    Affected Products : a-tuning f-stream restart_to_uefi rgbled
    • Published: Oct. 30, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10711

    The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write Machine Specific Registers (MSRs). This c... Read more

    Affected Products : a-tuning f-stream restart_to_uefi rgbled
    • Published: Oct. 30, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2018-10710

    The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory. This could be ... Read more

    Affected Products : a-tuning f-stream restart_to_uefi rgbled
    • Published: Oct. 30, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-10709

    The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leverag... Read more

    Affected Products : a-tuning f-stream restart_to_uefi rgbled
    • Published: Oct. 30, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10706

    An integer overflow in the transferMulti function of a smart contract implementation for Social Chain (SCA), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets, aka the "multiOverflow" issue.... Read more

    Affected Products : social_chain
    • Published: May. 10, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10705

    The Owned smart contract implementation for Aurora DAO (AURA), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. An attacker can then conduct a lockBalances() denial of service att... Read more

    Affected Products : aura
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-10704

    yidashi yii2cmf 2.0 has XSS via the /search q parameter.... Read more

    Affected Products : yii2cmf
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10703

    An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The P... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10702

    An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The P... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10701

    An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The P... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-10700

    An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter ... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10699

    An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides certfile upload functionality so that an administrator can upload a certificate file used for connecting to the wireless network. However, the same functionality allows an a... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-10698

    An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an att... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-10697

    An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execut... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10696

    An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator in... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10695

    An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device's network. However, the same functionality allows an attacker to execut... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293640 Results