Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.5 HIGH
CVE-2026-15490 — RafyMrX TOKO-ONLINE-ROTI add.php sql injection

A security flaw has been discovered in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this issue is some unknown functionality of the file proses/add.php. The ma…

toko-online-roti | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
7.5 HIGH
CVE-2026-15489 — RafyMrX TOKO-ONLINE-ROTI login.php sql injection

A vulnerability was identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this vulnerability is an unknown functionality of the file proses/login.php. The…

toko-online-roti | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
7.5 HIGH
CVE-2026-15488 — hcr707305003 shiroiAdmin FileController.php upload unrestricted upload

A vulnerability was determined in hcr707305003 shiroiAdmin 1.1/1.3. Affected is the function FileController::upload of the file app/common/controller/FileController.php. Executing a manipulation of t…

shiroiadmin | Remote | Path Traversal
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15487 — TRENDnet TEW-821DAP Firmware Update system_ntp sub_41FBD0 os command injection

A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This impacts the function sub_41FBD0 of the file /goform/system_ntp of the component Firmware Update Handler. Performing a manipulation of th…

tew-821dap_firmware tew-821dap | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15486 — TRENDnet TEW-821DAP Firmware Update tools_ddns sub_42026C os command injection

A vulnerability has been found in TRENDnet TEW-821DAP 1.11B03. This affects the function sub_42026C of the file /goform/tools_ddns of the component Firmware Update Handler. Such manipulation of the a…

tew-821dap_firmware tew-821dap | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15485 — TRENDnet TEW-821DAP DNS Lookup tools_nslookup sub_43F2C4 os command injection

A flaw has been found in TRENDnet TEW-821DAP 1.11B03. The impacted element is the function sub_43F2C4 of the file /goform/tools_nslookup of the component DNS Lookup Handler. This manipulation of the …

tew-821dap_firmware tew-821dap | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
9.0 HIGH
CVE-2026-15484 — TRENDnet TEW-821DAP ssi tools_nslookup sub_41EC14 buffer overflow

A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. The affected element is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation results in buffe…

tew-821dap_firmware tew-821dap | Remote | Memory Corruption
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
9.0 HIGH
CVE-2026-15483 — TRENDnet TEW-821DAP ssi tools_nslookup sub_41EC14 buffer overflow

A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation of the argumen…

tew-821dap_firmware tew-821dap | Remote | Memory Corruption
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
7.5 HIGH
CVE-2026-15482 — Aster Telecom Azcall HTTP sis.php sql injection

A weakness has been identified in Aster Telecom Azcall 10/11. This issue affects some unknown processing of the file /azcall/adm/gestao_loja/sis.php?t=consultar of the component HTTP Handler. Executi…

azcall | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
9.0 HIGH
CVE-2026-15481 — Trendnet TEW-635BRM IPoA WAN Connection Setup rc ipoa_test command injection

A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoa_test of the file /sbin/rc of the component IPoA WAN Connection Setup. Performing…

tew-635brm | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
9.0 HIGH
CVE-2026-15480 — Trendnet TEW-635BRM Web Service rc start_httpd stack-based overflow

A vulnerability was identified in Trendnet TEW-635BRM up to 1.00.03. This affects the function start_httpd of the file /sbin/rc of the component Web Service. Such manipulation of the argument device_…

tew-635brm | Remote | Memory Corruption
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
7.5 HIGH
CVE-2026-15479 — H3C NX15 Administrator Password Modification Endpoint modify change_passwd password recov…

A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function change_passwd of the file /api/login/modify of the component Administrator Password Modification Endpoin…

nx15 | Remote | Authentication
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15478 — IceHRM UserReport Endpoint EmployeeAttendanceReport.php sql injection

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a…

icehrm | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15477 — Bahmni bahmnicore Search Endpoint sql additionalParams sql injection

A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a …

bahmnicore | Remote | Injection
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
5.3 MEDIUM
CVE-2026-15476 — QILING Disk Master Kernel Driver diskbckp.sys access control

A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation lea…

disk_master | Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
5.3 MEDIUM
CVE-2026-15475 — MiniTool Partition Wizard Signed Kernel Driver pwdrvio.sys access control

A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation…

partition_wizard | Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
4.3 MEDIUM
CVE-2026-15474 — Eleveo Call Recording Software audio.jsp improper authorization

A security flaw has been discovered in Eleveo Call Recording Software 9.7.0. Impacted is an unknown function of the file /callrec/audio.jsp of the component Call Recording Handler. The manipulation o…

call_recording_software | Remote | Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
6.5 MEDIUM
CVE-2026-15473 — Eleveo Call Recording Software Recorded Calls restoreCallAction.do improper authorization

A vulnerability was identified in Eleveo Call Recording Software 9.7.0. This issue affects some unknown processing of the file /callrec/restoreCallAction.do of the component Recorded Calls Page. The …

call_recording_software | Remote | Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
4.3 MEDIUM
CVE-2026-15472 — Eleveo Call Recording Software composeEmailAction.do improper authorization

A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability affects unknown code of the file /callrec/composeEmailAction.do. Executing a manipulation can lead to improp…

call_recording_software | Remote | Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
4.3 MEDIUM
CVE-2026-15471 — Eleveo Call Recording Software pci_dss_status.jsp improper authorization

A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown part of the file /callrec/pci_dss_status.jsp. Performing a manipulation results in improper authorization. R…

call_recording_software | Remote | Authorization
Jul 12, 2026 Jul 12, 2026
Jul 12, 2026
Jul 12, 2026
Showing 20 of 7078 Results