Total CVEs

143,749

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,518
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,501 - 1,520 of 40,154 CVEs
CVE-2026-14753 HIGH - 7.3

A vulnerability was detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This impacts an unknown function of the file /PHP/objects/notes of the component Note Handler/Assignment Handler. Performing a manipulation of the argument assignment_item_id results in authorization ...

Vendor: mjperpinosa
Product: stumasy
Published: Jul 05, 2026
Source: NVD

A security vulnerability has been detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This affects the function add_definition of the file application/PHP/objects/notes/add_into_dictionary.php. Such manipulation of the argument reference leads to cross site scripting. It ...

Vendor: mjperpinosa
Product: stumasy
Published: Jul 05, 2026
Source: NVD
CVE-2026-14751 MEDIUM - 6.3

A weakness has been identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The impacted element is the function Notes_controller::search_scratch_data of the file application/PHP/objects/notes/search_scratch_data.php. This manipulation of the argument field_name causes sql ...

Vendor: mjperpinosa
Product: stumasy
Published: Jul 05, 2026
Source: NVD
CVE-2026-14750 HIGH - 7.3

A security flaw has been discovered in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The affected element is the function Notes_controller::accessing_dictionary_authorization of the file application/PHP/objects/notes/accessing_dictionary_authorization.php. The manipulation of t...

Vendor: mjperpinosa
Product: stumasy
Published: Jul 05, 2026
Source: NVD

An unauthenticated improper input validation vulnerability in the POST /fetch_cve_data endpoint in cve-search. A remote attacker can manipulate request parameters controlling the MongoDB collection, projected fields, and regular-expression filters to read arbitrary application MongoDB collections. T...

Vendor: cve-search
Product: cve-search
Published: Jul 05, 2026
Source: NVD
CVE-2026-14749 HIGH - 7.3

A vulnerability was identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Impacted is the function eval of the file application/pages/imba_calculator/calculate.php. The manipulation of the argument mathematical_sentence leads to code injection. The attack is possible to b...

Vendor: mjperpinosa
Product: stumasy
Published: Jul 05, 2026
Source: NVD
CVE-2026-14748 MEDIUM - 6.3

A flaw has been found in AIAnytime Awesome-MCP-Server up to a884bb51bcd99e08e14fd712c749d55d9d9a13ab. Affected by this issue is some unknown functionality of the file mcp-wiki/src/mcp_wiki/server.py of the component mcp-wiki/wiki-summary. This manipulation of the argument url causes server-side requ...

Vendor: AIAnytime
Product: Awesome-MCP-Server
Published: Jul 05, 2026
Source: NVD
CVE-2026-14747 HIGH - 7.3

A vulnerability was detected in code-projects Real State Services 1.0. Affected by this vulnerability is an unknown functionality of the file /addprojectsale.php. The manipulation of the argument amen results in sql injection. The attack can be launched remotely.

Vendor: code-projects
Product: Real State Services
Published: Jul 05, 2026
Source: NVD
CVE-2026-14746 HIGH - 7.3

A security vulnerability has been detected in code-projects Real State Services 1.0. Affected is an unknown function of the file /addprojectrent.php. The manipulation of the argument amen leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

Vendor: code-projects
Product: Real State Services
Published: Jul 05, 2026
Source: NVD
CVE-2026-14745 HIGH - 7.3

A weakness has been identified in code-projects Real State Services 1.0. This impacts an unknown function of the file /single-list_rent.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the...

Vendor: code-projects
Product: Real State Services
Published: Jul 05, 2026
Source: NVD
CVE-2026-14744 HIGH - 7.3

A security flaw has been discovered in code-projects Real State Services 1.0. This affects an unknown function of the file /normalHomeRent.php. Performing a manipulation of the argument loc results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the...

Vendor: code-projects
Product: Real State Services
Published: Jul 05, 2026
Source: NVD
CVE-2026-14743 HIGH - 7.3

A vulnerability was identified in code-projects Real State Services 1.0. The impacted element is an unknown function of the file /normalHomeSale.php. Such manipulation of the argument loc leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be ...

Vendor: code-projects
Product: Real State Services
Published: Jul 05, 2026
Source: NVD

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function _freeze of the file libs/langgraph/langgraph/_internal/_cache.py of the component Task Result Cache. This manipulation of the argument default_cache_key causes use of weak hash. The attack is p...

Vendor: langchain-ai
Product: langgraph
Published: Jul 05, 2026
Source: NVD

A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function _image_cache_key of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high co...

Vendor: exo-explore
Product: exo
Published: Jul 05, 2026
Source: NVD
CVE-2026-14737 HIGH - 7.3

A vulnerability was identified in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly av...

Vendor: Hanwang
Product: e-Face General Management Platform
Published: Jul 05, 2026
Source: NVD
CVE-2026-14736 HIGH - 7.3

A vulnerability was found in Ruijie RG-UAC up to 1.0-R1.8.2.p5. The impacted element is an unknown function of the file user_auth_commit.php. Performing a manipulation of the argument upload_image results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been...

Vendor: Ruijie
Product: RG-UAC
Published: Jul 05, 2026
Source: NVD
CVE-2026-14735 HIGH - 7.3

A vulnerability has been found in code-projects Smart Parking System 1.0. The affected element is an unknown function of the file /parkings/parkings.php. Such manipulation of the argument street/city/status leads to sql injection. The attack can be executed remotely. The exploit has been disclosed t...

Vendor: code-projects
Product: Smart Parking System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14734 HIGH - 7.3

A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_product.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14733 HIGH - 7.3

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. This issue affects some unknown processing of the file /edit_coursea.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14732 HIGH - 7.3

A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. This vulnerability affects unknown code of the file /edit_exam.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed pub...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jul 05, 2026
Source: NVD