Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.5 HIGH
CVE-2026-15498 — sergomanov SmartHomeAdatum Login users.php sql injection

A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impacts an unknown function of the file users.php of the component Login. Such manipu…

smarthomeadatum | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
7.5 HIGH
CVE-2026-15497 — SonicCloudOrg sonic-agent JWT Authentication Filter ExchangeController.java code injection

A vulnerability was determined in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file sonic-server-controller/src/main/java/org/cloud/sonic/controller/controller/Excha…

sonic-agent | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15496 — SonicCloudOrg sonic-agent Groovy Script GroovyScriptImpl.java evalIsFailed os command inj…

A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovySc…

sonic-agent | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15495 — SonicCloudOrg sonic-agent Android WebSocket Server AndroidWSServer.java os command inject…

A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component Android WebSocket Server. The ma…

sonic-agent | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
5.8 MEDIUM
CVE-2026-15494 — AMTT Hotel Broadband Operation System switch_status.php sql injection

A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/network/switch_status.php. Executing a manipulation of the argument ID can lead…

hotel_broadband_operation_system | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
5.1 MEDIUM
CVE-2026-15493 — Akpali9 Attendance-Management-System absent.php cross site scripting

A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. This issue affects some unknown processing of the file absent.php. Performing a ma…

Remote | Cross-Site Scripting
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
5.0 MEDIUM
CVE-2026-15492 — igweze wizgrade studentConductManager.php cross site scripting

A security vulnerability has been detected in igweze wizgrade up to b1d55f22b90cd7e7a6e5002f006d7c649e8086d6. This vulnerability affects unknown code of the file dashboard/studentConductManager.php. …

wizgrade | Remote | Cross-Site Scripting
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
7.5 HIGH
CVE-2026-15491 — RafyMrX TOKO-ONLINE-ROTI missing authentication

A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. This affects an unknown part. This manipulation causes missing authentication. The attack is…

toko-online-roti | Remote | Authentication
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
7.5 HIGH
CVE-2026-15490 — RafyMrX TOKO-ONLINE-ROTI add.php sql injection

A security flaw has been discovered in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this issue is some unknown functionality of the file proses/add.php. The ma…

toko-online-roti | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
7.5 HIGH
CVE-2026-15489 — RafyMrX TOKO-ONLINE-ROTI login.php sql injection

A vulnerability was identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this vulnerability is an unknown functionality of the file proses/login.php. The…

toko-online-roti | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
7.5 HIGH
CVE-2026-15488 — hcr707305003 shiroiAdmin FileController.php upload unrestricted upload

A vulnerability was determined in hcr707305003 shiroiAdmin 1.1/1.3. Affected is the function FileController::upload of the file app/common/controller/FileController.php. Executing a manipulation of t…

shiroiadmin | Remote | Path Traversal
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15487 — TRENDnet TEW-821DAP Firmware Update system_ntp sub_41FBD0 os command injection

A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This impacts the function sub_41FBD0 of the file /goform/system_ntp of the component Firmware Update Handler. Performing a manipulation of th…

tew-821dap_firmware tew-821dap | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15486 — TRENDnet TEW-821DAP Firmware Update tools_ddns sub_42026C os command injection

A vulnerability has been found in TRENDnet TEW-821DAP 1.11B03. This affects the function sub_42026C of the file /goform/tools_ddns of the component Firmware Update Handler. Such manipulation of the a…

tew-821dap_firmware tew-821dap | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15485 — TRENDnet TEW-821DAP DNS Lookup tools_nslookup sub_43F2C4 os command injection

A flaw has been found in TRENDnet TEW-821DAP 1.11B03. The impacted element is the function sub_43F2C4 of the file /goform/tools_nslookup of the component DNS Lookup Handler. This manipulation of the …

tew-821dap_firmware tew-821dap | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
9.0 HIGH
CVE-2026-15484 — TRENDnet TEW-821DAP ssi tools_nslookup sub_41EC14 buffer overflow

A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. The affected element is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation results in buffe…

tew-821dap_firmware tew-821dap | Remote | Memory Corruption
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
9.0 HIGH
CVE-2026-15483 — TRENDnet TEW-821DAP ssi tools_nslookup sub_41EC14 buffer overflow

A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation of the argumen…

tew-821dap_firmware tew-821dap | Remote | Memory Corruption
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
7.5 HIGH
CVE-2026-15482 — Aster Telecom Azcall HTTP sis.php sql injection

A weakness has been identified in Aster Telecom Azcall 10/11. This issue affects some unknown processing of the file /azcall/adm/gestao_loja/sis.php?t=consultar of the component HTTP Handler. Executi…

azcall | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
9.0 HIGH
CVE-2026-15481 — Trendnet TEW-635BRM IPoA WAN Connection Setup rc ipoa_test command injection

A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoa_test of the file /sbin/rc of the component IPoA WAN Connection Setup. Performing…

tew-635brm | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
9.0 HIGH
CVE-2026-15480 — Trendnet TEW-635BRM Web Service rc start_httpd stack-based overflow

A vulnerability was identified in Trendnet TEW-635BRM up to 1.00.03. This affects the function start_httpd of the file /sbin/rc of the component Web Service. Such manipulation of the argument device_…

tew-635brm | Remote | Memory Corruption
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
7.5 HIGH
CVE-2026-15479 — H3C NX15 Administrator Password Modification Endpoint modify change_passwd password recov…

A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function change_passwd of the file /api/login/modify of the component Administrator Password Modification Endpoin…

nx15 | Remote | Authentication
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
Showing 20 of 7098 Results