Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-15478 — IceHRM UserReport Endpoint EmployeeAttendanceReport.php sql injection

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a…

Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15477 — Bahmni bahmnicore Search Endpoint sql additionalParams sql injection

A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a …

Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
5.3 MEDIUM
CVE-2026-15476 — QILING Disk Master Kernel Driver diskbckp.sys access control

A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation lea…

| Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
5.3 MEDIUM
CVE-2026-15475 — MiniTool Partition Wizard Signed Kernel Driver pwdrvio.sys access control

A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation…

partition_wizard | Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
4.3 MEDIUM
CVE-2026-15474 — Eleveo Call Recording Software audio.jsp improper authorization

A security flaw has been discovered in Eleveo Call Recording Software 9.7.0. Impacted is an unknown function of the file /callrec/audio.jsp of the component Call Recording Handler. The manipulation o…

call_recording_software | Remote | Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15473 — Eleveo Call Recording Software Recorded Calls restoreCallAction.do improper authorization

A vulnerability was identified in Eleveo Call Recording Software 9.7.0. This issue affects some unknown processing of the file /callrec/restoreCallAction.do of the component Recorded Calls Page. The …

call_recording_software | Remote | Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
4.3 MEDIUM
CVE-2026-15472 — Eleveo Call Recording Software composeEmailAction.do improper authorization

A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability affects unknown code of the file /callrec/composeEmailAction.do. Executing a manipulation can lead to improp…

call_recording_software | Remote | Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
4.3 MEDIUM
CVE-2026-15471 — Eleveo Call Recording Software pci_dss_status.jsp improper authorization

A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown part of the file /callrec/pci_dss_status.jsp. Performing a manipulation results in improper authorization. R…

call_recording_software | Remote | Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
4.3 MEDIUM
CVE-2026-15470 — Eleveo Call Recording Software group.jsp improper authorization

A vulnerability has been found in Eleveo Call Recording Software 9.7.0. Affected by this issue is some unknown functionality of the file /callrec/group.jsp. Such manipulation leads to improper author…

call_recording_software | Remote | Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
8.3 HIGH
CVE-2026-58281 — Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Jul 11, 2026 Jul 11, 2026
Jul 11, 2026
Jul 11, 2026
6.4 MEDIUM
CVE-2026-10660 — Shared reassembly buffer in Bluetooth BAP Broadcast Assistant enables cross-connection me…

The Bluetooth BAP Broadcast Assistant GATT client in subsys/bluetooth/audio/bap_broadcast_assistant.c reassembled remote Broadcast Receive State data into a single file-static net_buf_simple (att_buf…

zephyr zephyr | Memory Corruption
Jul 11, 2026 Jul 11, 2026
Jul 11, 2026
Jul 11, 2026
2.9 LOW
CVE-2026-61870 — ImageMagick before 7.1.2-26 Memory Leak via VIFF Encoder

ImageMagick before 7.1.2-26 contains a memory leak vulnerability in the VIFF encoder when memory allocation fails. Attackers can trigger allocation failures by processing specially crafted VIFF image…

imagemagick | Memory Corruption
Jul 11, 2026 Jul 11, 2026
Jul 11, 2026
Jul 11, 2026
3.7 LOW
CVE-2026-61861 — ImageMagick before 7.1.2-26 Use-After-Free in FormatMagickCaption

ImageMagick before 7.1.2-26 contains a use-after-free vulnerability in the FormatMagickCaption method when memory allocation fails. Attackers can trigger memory allocation failures to cause a danglin…

imagemagick | Remote | Memory Corruption
Jul 11, 2026 Jul 11, 2026
Jul 11, 2026
Jul 11, 2026
3.3 LOW
CVE-2026-61858 — ImageMagick before 7.1.2-26 Policy Bypass via APNG encoder

ImageMagick before 7.1.2-26 contains a policy bypass vulnerability in the APNG encoder and external delegates due to missing validation checks. Attackers can write files to disallowed paths by bypass…

imagemagick | Path Traversal
Jul 11, 2026 Jul 11, 2026
Jul 11, 2026
Jul 11, 2026
3.7 LOW
CVE-2026-61857 — ImageMagick before 7.1.2-26 Heap Use-After-Free via XMP

ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious image files with specially crafted XMP d…

imagemagick | Remote | Memory Corruption
Jul 11, 2026 Jul 11, 2026
Jul 11, 2026
Jul 11, 2026
3.3 LOW
CVE-2026-61465 — ImageMagick before 7.1.2-26 Memory Allocation Policy Bypass

ImageMagick before 7.1.2-26 and 6.9.13-51 is missing a check for the allowed memory allocation limit in matrix-backed operations such as -canny. An attacker can supply a crafted image that causes Ima…

imagemagick | Denial of Service
Jul 11, 2026 Jul 11, 2026
Jul 11, 2026
Jul 11, 2026
5.3 MEDIUM
CVE-2026-61454 — Grav before 2.0.4 Information Disclosure via __GRAV_CONFIG__

The Grav Admin2 plugin (getgrav/grav-plugin-admin2) before 2.0.4 embeds a global JavaScript variable window.__GRAV_CONFIG__ in the Admin2 SPA bootstrap page at /grav/admin (and its subroutes). This o…

grav | Remote | Information Disclosure
Jul 11, 2026 Jul 11, 2026
Jul 11, 2026
Jul 11, 2026
2.1 LOW
CVE-2026-61448 — Parse Server 9.0.0 Stored XSS via malformed Content-Type

Parse Server is affected by a stored cross-site scripting (XSS) vulnerability in versions >= 9.0.0, < 9.10.0-alpha.2 and <= 8.6.83. When an uploaded file's extension is not recognized by the mime pac…

parse-server | Remote | Cross-Site Scripting
Jul 11, 2026 Jul 11, 2026
Jul 11, 2026
Jul 11, 2026
10.0 CRITICAL
CVE-2026-61447 — PraisonAI before 1.6.78 Remote Code Execution via CodeAgent

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent._execute_python() that executes LLM-generated Python code without AST validation, import restrictions, or sandbox e…

praisonai | Remote | Injection
Jul 11, 2026 Jul 11, 2026
Jul 11, 2026
Jul 11, 2026
9.9 CRITICAL
CVE-2026-61445 — PraisonAI before 4.6.78 Arbitrary File Write and Command Execution

PraisonAI before 4.6.78 contains arbitrary file write and command execution vulnerabilities in the AICoder component due to missing path validation and command sanitization in LLM tool calls. Attacke…

praisonai | Remote | Path Traversal
Jul 11, 2026 Jul 11, 2026
Jul 11, 2026
Jul 11, 2026
Showing 20 of 7288 Results