Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
5.3 MEDIUM
CVE-2026-15531 — yashbhalgat HashNeRF-pytorch Checkpoint File run_nerf.py torch.load deserialization

A vulnerability has been found in yashbhalgat HashNeRF-pytorch up to 82885e698295982504eb6a26d060a6b2473e3706. Affected by this issue is the function torch.load of the file run_nerf.py of the compone…

| Injection
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
5.5 MEDIUM
CVE-2026-15530 — WuzhiCMS Attachment API index.php listimage information disclosure

A flaw has been found in WuzhiCMS up to 4.1.0. Affected by this vulnerability is the function config/listimage of the file /index.php?m=attachment&f=index&v=upload of the component Attachment API. Ex…

Remote | Information Disclosure
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
8.5 HIGH
CVE-2026-9492 — GIGABYTE|Gigabyte Control Center - Improper Access Control

The MBStorage DRAM lighting control module within Gigabyte Control Center (GCC) developed by GIGABYTE Technology has an Improper Access Control vulnerability. Authenticated local attackers can send s…

| Authorization
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.8 HIGH
CVE-2026-7162 — Software Integer Overflow Vulnerability

Successful exploitation of the integer overflow vulnerability could allow an attacker to achieve system-level access to the affected software.

| Memory Corruption
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
6.9 MEDIUM
CVE-2026-15553 — Ragic|Enterprise Cloud Database - Arbitrary File Upload

Enterprise Cloud Database developed by Ragic has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload malicious files and make them available for users to downlo…

enterprise_cloud_database | Remote | Misconfiguration
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
6.1 MEDIUM
CVE-2026-15552 — Ragic|Enterprise Cloud Database - Stored Cross-Site Scripting

Enterprise Cloud Database developed by Ragic has a Stored Cross-Site Scripting vulnerability, allowing unauthenticated remote attackers to inject persistent JavaScript code executed in users' browser…

enterprise_cloud_database | Remote | Cross-Site Scripting
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
6.5 MEDIUM
CVE-2026-15529 — yzhao062 pyod persistence.py pyod.utils.persistence.load deserialization

A vulnerability was detected in yzhao062 pyod 3.5.0/3.5.1/3.5.2. Affected is the function pyod.utils.persistence.load of the file pyod/utils/persistence.py. Performing a manipulation of the argument …

Remote | Injection
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
3.3 LOW
CVE-2026-15528 — lamaalrajih kicad-mcp path_validator.py protection mechanism

A vulnerability was found in lamaalrajih kicad-mcp up to 3.3.1. This issue affects some unknown processing of the file kicad_mcp/utils/path_validator.py. Performing a manipulation of the argument pro…

| Path Traversal
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
5.3 MEDIUM
CVE-2026-15527 — better-auth better-icons scan_project_icons/sync_icon path traversal

A vulnerability has been found in better-auth better-icons up to 1.0.5. This vulnerability affects unknown code of the component scan_project_icons/sync_icon. Such manipulation of the argument icons_…

| Path Traversal
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
3.3 LOW
CVE-2026-15526 — augmnt augments-mcp-server scan_project_deps scan-project-deps.ts scanProjectDeps path tr…

A flaw has been found in augmnt augments-mcp-server 7.1.0. This issue affects the function scanProjectDeps of the file src/tools/v4/scan-project-deps.ts of the component scan_project_deps. Executing …

| Path Traversal
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
6.5 MEDIUM
CVE-2026-15525 — kLOsk adloop write.py _validate_urls server-side request forgery

A vulnerability was detected in kLOsk adloop up to 0.9.0. This vulnerability affects the function _validate_urls of the file src/adloop/ads/write.py. Performing a manipulation of the argument final_u…

Remote | Server-Side Request Forgery
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
3.3 LOW
CVE-2026-15524 — alioshr memory-bank-mcp list-project-files-validation-factory.ts path traversal

A security vulnerability has been detected in alioshr memory-bank-mcp up to 0.2.1/3.1. This affects an unknown part of the file list-project-files-validation-factory.ts. Such manipulation of the argu…

| Path Traversal
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
6.5 MEDIUM
CVE-2026-15523 — CodeAstro Simple Online Leave Management System dashboard.php sql injection

A weakness has been identified in CodeAstro Simple Online Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /SimpleOnlineLeave/admin/dashboard.php. This ma…

Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
5.3 MEDIUM
CVE-2026-15522 — tugcantopaloglu godot-mcp run_project index.js validatePath path traversal

A security flaw has been discovered in tugcantopaloglu godot-mcp 2.0.0. Affected by this vulnerability is the function validatePath of the file build/index.js of the component run_project. The manipu…

| Path Traversal
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
5.3 MEDIUM
CVE-2026-15521 — makafeli n8n-workflow-builder update_node_from_file server.cjs path traversal

A vulnerability was identified in makafeli n8n-workflow-builder up to 0.11.0. Affected is an unknown function of the file build/server.cjs of the component update_node_from_file. The manipulation of …

| Path Traversal
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
5.3 MEDIUM
CVE-2026-15520 — GNU LibreDWG R2004 Section Decompression decode.c decompress_R2004_section heap-based ove…

A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompress_R2004_section of the file src/decode.c of the component R2004 Section Decompression. Executin…

libredwg | Memory Corruption
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
5.1 MEDIUM
CVE-2026-15519 — usestrix PyPI system_prompt.jinja inclusion of functionality from untrusted control sphere

A vulnerability was found in usestrix strix up to 1.0.2. This affects an unknown function of the file system_prompt.jinja of the component PyPI Handler. Performing a manipulation results in inclusion…

Remote | Injection
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
5.5 MEDIUM
CVE-2026-15551 — Samsung rlottie: Numeric truncation in gray_hline() leads to heap-based buffer overflow w…

Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects .

rlottie | Memory Corruption
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
5.8 MEDIUM
CVE-2026-15518 — AREA 17 Twill CMS Media Library Insert FileLibraryController.php storeFile unrestricted u…

A vulnerability has been found in AREA 17 Twill CMS up to 3.6.0. The impacted element is the function FileLibraryController::storeFile of the file src/Http/Controllers/Admin/FileLibraryController.php…

twill_cms | Remote | Misconfiguration
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
7.5 HIGH
CVE-2026-15517 — Jinher OA PlanGiveOut.aspx sql injection

A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/PlanGiveOut.aspx. This manipulation of the argument httpOID causes sql inj…

oa | Remote | Injection
Jul 13, 2026 Jul 13, 2026
Jul 13, 2026
Jul 13, 2026
Showing 20 of 7127 Results