Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.0 HIGH
CVE-2026-15483 — TRENDnet TEW-821DAP ssi tools_nslookup sub_41EC14 buffer overflow

A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation of the argumen…

tew-821dap_firmware tew-821dap | Remote | Memory Corruption
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
7.5 HIGH
CVE-2026-15482 — Aster Telecom Azcall HTTP sis.php sql injection

A weakness has been identified in Aster Telecom Azcall 10/11. This issue affects some unknown processing of the file /azcall/adm/gestao_loja/sis.php?t=consultar of the component HTTP Handler. Executi…

azcall | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
9.0 HIGH
CVE-2026-15481 — Trendnet TEW-635BRM IPoA WAN Connection Setup rc ipoa_test command injection

A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoa_test of the file /sbin/rc of the component IPoA WAN Connection Setup. Performing…

tew-635brm | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
9.0 HIGH
CVE-2026-15480 — Trendnet TEW-635BRM Web Service rc start_httpd stack-based overflow

A vulnerability was identified in Trendnet TEW-635BRM up to 1.00.03. This affects the function start_httpd of the file /sbin/rc of the component Web Service. Such manipulation of the argument device_…

tew-635brm | Remote | Memory Corruption
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
7.5 HIGH
CVE-2026-15479 — H3C NX15 Administrator Password Modification Endpoint modify change_passwd password recov…

A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function change_passwd of the file /api/login/modify of the component Administrator Password Modification Endpoin…

nx15 | Remote | Authentication
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15478 — IceHRM UserReport Endpoint EmployeeAttendanceReport.php sql injection

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a…

icehrm | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15477 — Bahmni bahmnicore Search Endpoint sql additionalParams sql injection

A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a …

bahmnicore | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
5.3 MEDIUM
CVE-2026-15476 — QILING Disk Master Kernel Driver diskbckp.sys access control

A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation lea…

disk_master | Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
5.3 MEDIUM
CVE-2026-15475 — MiniTool Partition Wizard Signed Kernel Driver pwdrvio.sys access control

A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation…

partition_wizard | Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
4.3 MEDIUM
CVE-2026-15474 — Eleveo Call Recording Software audio.jsp improper authorization

A security flaw has been discovered in Eleveo Call Recording Software 9.7.0. Impacted is an unknown function of the file /callrec/audio.jsp of the component Call Recording Handler. The manipulation o…

call_recording_software | Remote | Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15473 — Eleveo Call Recording Software Recorded Calls restoreCallAction.do improper authorization

A vulnerability was identified in Eleveo Call Recording Software 9.7.0. This issue affects some unknown processing of the file /callrec/restoreCallAction.do of the component Recorded Calls Page. The …

call_recording_software | Remote | Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
4.3 MEDIUM
CVE-2026-15472 — Eleveo Call Recording Software composeEmailAction.do improper authorization

A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability affects unknown code of the file /callrec/composeEmailAction.do. Executing a manipulation can lead to improp…

call_recording_software | Remote | Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
4.3 MEDIUM
CVE-2026-15471 — Eleveo Call Recording Software pci_dss_status.jsp improper authorization

A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown part of the file /callrec/pci_dss_status.jsp. Performing a manipulation results in improper authorization. R…

call_recording_software | Remote | Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
4.3 MEDIUM
CVE-2026-15470 — Eleveo Call Recording Software group.jsp improper authorization

A vulnerability has been found in Eleveo Call Recording Software 9.7.0. Affected by this issue is some unknown functionality of the file /callrec/group.jsp. Such manipulation leads to improper author…

call_recording_software | Remote | Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
8.3 HIGH
CVE-2026-58281 — Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 11, 2026 Jul 11, 2026
Jul 11, 2026
Jul 11, 2026
6.4 MEDIUM
CVE-2026-10660 — Shared reassembly buffer in Bluetooth BAP Broadcast Assistant enables cross-connection me…

The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bap_broadcast_assistant.c reassembled remote Broadcast Receive State data into a single file-static net_buf_simple (att_buf…

zephyr zephyr | Memory Corruption
Jul 11, 2026 Jul 11, 2026
Jul 11, 2026
Jul 11, 2026
2.9 LOW
CVE-2026-61870 — ImageMagick before 7.1.2-26 Memory Leak via VIFF Encoder

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF image…

imagemagick | Memory Corruption
Jul 11, 2026 Jul 11, 2026
Jul 11, 2026
Jul 11, 2026
3.7 LOW
CVE-2026-61861 — ImageMagick before 7.1.2-26 Use-After-Free in FormatMagickCaption

ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a danglin…

imagemagick | Remote | Memory Corruption
Jul 11, 2026 Jul 11, 2026
Jul 11, 2026
Jul 11, 2026
3.3 LOW
CVE-2026-61858 — ImageMagick before 7.1.2-26 Policy Bypass via APNG encoder

ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypass…

imagemagick | Path Traversal
Jul 11, 2026 Jul 11, 2026
Jul 11, 2026
Jul 11, 2026
3.7 LOW
CVE-2026-61857 — ImageMagick before 7.1.2-26 Heap Use-After-Free via XMP

ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP d…

imagemagick | Remote | Memory Corruption
Jul 11, 2026 Jul 11, 2026
Jul 11, 2026
Jul 11, 2026
Showing 20 of 7190 Results