Latest CVE Feed

The following is a list of the latest published vulnerabilities.
  • 7.2

    HIGH
    CVE-2018-10710

    The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write arbitrary physical memory. This could be ...

    Affected Products : a-tuning f-stream restart_to_uefi rgbled
    • Published: Oct. 30, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2018-10709

    The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leverag...

    Affected Products : a-tuning f-stream restart_to_uefi rgbled
    • Published: Oct. 30, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-10706

    An integer overflow in the transferMulti function of a smart contract implementation for Social Chain (SCA), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets, aka the "multiOverflow" issue....

    Affected Products : social_chain
    • Published: May 10, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-10705

    The Owned smart contract implementation for Aurora DAO (AURA), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. An attacker can then conduct a lockBalances() denial of service att...

    Affected Products : aura
    • Published: May 09, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-10704

    yidashi yii2cmf 2.0 has XSS via the /search q parameter....

    Affected Products : yii2cmf
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-10703

    An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The P...

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-10702

    An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The P...

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-10701

    An issue was discovered on Moxa AWK-3121 1.14 devices. It provides functionality so that an administrator can run scripts on the device to troubleshoot any issues. However, the same functionality allows an attacker to execute commands on the device. The P...

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-10700

    An issue was discovered on Moxa AWK-3121 1.19 devices. It provides functionality so that an administrator can change the name of the device. However, the same functionality allows an attacker to execute XSS by injecting an XSS payload. The POST parameter ...

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-10699

    An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides certfile upload functionality so that an administrator can upload a certificate file used for connecting to the wireless network. However, the same functionality allows an a...

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-10698

    An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an att...

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2018-10697

    An issue was discovered on Moxa AWK-3121 1.14 devices. The Moxa AWK 3121 provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execut...

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-10696

    An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a web interface to allow an administrator to manage the device. However, this interface is not protected against CSRF attacks, which allows an attacker to trick an administrator in...

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-10695

    An issue was discovered on Moxa AWK-3121 1.14 devices. It provides alert functionality so that an administrator can send emails to his/her account when there are changes to the device's network. However, the same functionality allows an attacker to execut...

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2018-10694

    An issue was discovered on Moxa AWK-3121 1.14 devices. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attac...

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2018-10693

    An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on t...

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2018-10692

    An issue was discovered on Moxa AWK-3121 1.14 devices. The session cookie "Password508" does not have an HttpOnly flag. This allows an attacker who is able to execute a cross-site scripting attack to steal the cookie very easily....

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2018-10691

    An issue was discovered on Moxa AWK-3121 1.14 devices. It is intended that an administrator can download /systemlog.log (the system log). However, the same functionality allows an attacker to download the file without any authentication or authorization....

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024
  • 8.1

    HIGH
    CVE-2018-10690

    An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an ...

    Affected Products : awk-3121_firmware awk-3121
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2018-10689

    blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel and Android, has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small, as demonstrated by an invalid free when using the btt p...

    Affected Products : blktrace
    • Published: May 03, 2018
    • Modified: Nov. 21, 2024