Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2018-10703

    An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The P... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10702

    An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The P... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10701

    An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The P... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-10700

    An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter ... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10699

    An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides certfile upload functionality so that an administrator can upload a certificate file used for connecting to the wireless network. However, the same functionality allows an a... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-10698

    An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an att... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-10697

    An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execut... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10696

    An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator in... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10695

    An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device's network. However, the same functionality allows an attacker to execut... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2018-10694

    An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attac... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-10693

    An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on t... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-10692

    An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie "Password508" does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily.... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-10691

    An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log (the system log). However, the same functionality allows an attacker to download the file without any authentication or authorization.... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2018-10690

    An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an ... Read more

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-10689

    blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt p... Read more

    Affected Products : blktrace
    • Published: May. 03, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-10686

    An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.ph... Read more

    Affected Products : control_panel
    • Published: May. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10685

    In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.... Read more

    Affected Products : long_range_zip
    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-10683

    An issue was discovered in WildFly 10.1.2.Final. In the case of a default installation without a security realm reference, an attacker can successfully access the server without authentication. NOTE: the Security Realms documentation in the product's Admi... Read more

    Affected Products : wildfly
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-10682

    An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automatically created. Once logged in, a misconfiguration prese... Read more

    Affected Products : wildfly
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2018-10680

    Z-BlogPHP 1.5.2 has a stored Cross Site Scripting Vulnerability exploitable by an administrator who navigates to "Web site settings --> Basic setting --> Website title" and enters an XSS payload via the zb_system/cmd.php ZC_BLOG_NAME parameter. NOTE: the ... Read more

    Affected Products : z-blogphp
    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293649 Results