Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
5.4 MEDIUM
CVE-2026-56252 — Capgo - Scope Isolation Failure in Webhook Test Endpoint

Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scoped API keys to invoke org-scoped webhook operations. Attackers with app-scoped c…

Remote | Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
8.3 HIGH
CVE-2026-56241 — Capgo - RBAC Demotion Privilege Retention via Stale org_users.user_right

Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted super_admin users retain access to delete_non_compliant_bundles and count_non_compliant_bundles RPCs due to stale org…

Remote | Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
8.7 HIGH
CVE-2026-56238 — Capgo - Unauthenticated Information Disclosure via PostgREST global_stats Endpoint

Capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST global_stats endpoint that allows unauthenticated attackers to read sensitive financial and operationa…

Remote | Information Disclosure
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15500 — AstrBotDevs AstrBot market_list Endpoint plugin.py get_online_plugins server-side request…

A weakness has been identified in AstrBotDevs AstrBot up to 4.25.2. Affected by this vulnerability is the function get_online_plugins of the file astrbot/dashboard/routes/plugin.py of the component m…

Remote | Server-Side Request Forgery
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15499 — AstrBotDevs AstrBot Scheduled Task cron_tools.py FutureTaskTool.call improper authorizati…

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/cron_tools.py of the component Scheduled Task Hand…

Remote | Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
7.5 HIGH
CVE-2026-15498 — sergomanov SmartHomeAdatum Login users.php sql injection

A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impacts an unknown function of the file users.php of the component Login. Such manipu…

Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
7.5 HIGH
CVE-2026-15497 — SonicCloudOrg sonic-agent JWT Authentication Filter ExchangeController.java code injection

A vulnerability was determined in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file sonic-server-controller/src/main/java/org/cloud/sonic/controller/controller/Excha…

Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15496 — SonicCloudOrg sonic-agent Groovy Script GroovyScriptImpl.java evalIsFailed os command inj…

A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovySc…

Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15495 — SonicCloudOrg sonic-agent Android WebSocket Server AndroidWSServer.java os command inject…

A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component Android WebSocket Server. The ma…

Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
5.8 MEDIUM
CVE-2026-15494 — AMTT Hotel Broadband Operation System switch_status.php sql injection

A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/network/switch_status.php. Executing a manipulation of the argument ID can lead…

Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
5.1 MEDIUM
CVE-2026-15493 — Akpali9 Attendance-Management-System absent.php cross site scripting

A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. This issue affects some unknown processing of the file absent.php. Performing a ma…

Remote | Cross-Site Scripting
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
5.0 MEDIUM
CVE-2026-15492 — igweze wizgrade studentConductManager.php cross site scripting

A security vulnerability has been detected in igweze wizgrade up to b1d55f22b90cd7e7a6e5002f006d7c649e8086d6. This vulnerability affects unknown code of the file dashboard/studentConductManager.php. …

Remote | Cross-Site Scripting
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
7.5 HIGH
CVE-2026-15491 — RafyMrX TOKO-ONLINE-ROTI missing authentication

A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. This affects an unknown part. This manipulation causes missing authentication. The attack is…

Remote | Authentication
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
7.5 HIGH
CVE-2026-15490 — RafyMrX TOKO-ONLINE-ROTI add.php sql injection

A security flaw has been discovered in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this issue is some unknown functionality of the file proses/add.php. The ma…

Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
7.5 HIGH
CVE-2026-15489 — RafyMrX TOKO-ONLINE-ROTI login.php sql injection

A vulnerability was identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this vulnerability is an unknown functionality of the file proses/login.php. The…

Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
7.5 HIGH
CVE-2026-15488 — hcr707305003 shiroiAdmin FileController.php upload unrestricted upload

A vulnerability was determined in hcr707305003 shiroiAdmin 1.1/1.3. Affected is the function FileController::upload of the file app/common/controller/FileController.php. Executing a manipulation of t…

Remote | Path Traversal
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15487 — TRENDnet TEW-821DAP Firmware Update system_ntp sub_41FBD0 os command injection

A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This impacts the function sub_41FBD0 of the file /goform/system_ntp of the component Firmware Update Handler. Performing a manipulation of th…

tew-821dap | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15486 — TRENDnet TEW-821DAP Firmware Update tools_ddns sub_42026C os command injection

A vulnerability has been found in TRENDnet TEW-821DAP 1.11B03. This affects the function sub_42026C of the file /goform/tools_ddns of the component Firmware Update Handler. Such manipulation of the a…

tew-821dap_firmware tew-821dap | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15485 — TRENDnet TEW-821DAP DNS Lookup tools_nslookup sub_43F2C4 os command injection

A flaw has been found in TRENDnet TEW-821DAP 1.11B03. The impacted element is the function sub_43F2C4 of the file /goform/tools_nslookup of the component DNS Lookup Handler. This manipulation of the …

tew-821dap_firmware tew-821dap | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
9.0 HIGH
CVE-2026-15484 — TRENDnet TEW-821DAP ssi tools_nslookup sub_41EC14 buffer overflow

A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. The affected element is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation results in buffe…

tew-821dap_firmware tew-821dap | Remote | Memory Corruption
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
Showing 20 of 7197 Results