Total CVEs

143,744

Critical Severity

4,091

High Severity

14,757

Last 7 Days

1,568
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,521 - 1,540 of 40,149 CVEs
CVE-2026-14721 HIGH - 8.8

A vulnerability has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects an unknown function of the file /goform/ConfigWirelessBase_5g of the component Web Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack is possible to be carried out...

Vendor: UTT
Product: HiPER 1250GW
Published: Jul 05, 2026
Source: NVD
CVE-2026-14719 HIGH - 7.3

A flaw has been found in SourceCodester Onlne Examination & Learning Management System 1.0. The impacted element is an unknown function of the file register.php of the component Registration Endpoint. Executing a manipulation of the argument role can lead to improper privilege management. The at...

Vendor: SourceCodester
Product: Onlne Examination & Learning Management System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14781 MEDIUM - 4.8

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the email_verified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but r...

Vendor: Red Hat
Product: Red Hat Build of Keycloak, Red Hat Data Grid 8, Red Hat JBoss Enterprise Application Platform Expansion Pack, Red Hat Single Sign-On 7
Published: Jul 05, 2026
Source: NVD
CVE-2026-14717 MEDIUM - 6.3

A vulnerability was detected in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /patientlogin.php. Performing a manipulation of the argument loginid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14716 MEDIUM - 6.3

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads to incorrect authorization. The attack may be launched remote...

Vendor: nextlevelbuilder
Product: GoClaw
Published: Jul 05, 2026
Source: NVD
CVE-2026-14714 MEDIUM - 6.5

A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verify_server of the file channel/wechatmp/common.py of the component wx Endpoint. This manipulation of the argument wechatmp_token causes missing authentication. The attack may be initiated ...

Vendor: zhayujie
Product: chatgpt-on-wechat CowAgent
Published: Jul 05, 2026
Source: NVD
CVE-2026-14713 HIGH - 7.3

A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirm_order. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been relea...

Vendor: SourceCodester
Product: Pizzafy E-Commerce System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14706 MEDIUM - 6.3

A vulnerability was identified in code-projects Online Examination 1.0. This affects an unknown part of the file /update.php?q=addquiz of the component Quiz Creation Feature. The manipulation of the argument name/total/right/wrong/time/tag/desc leads to sql injection. The attack can be initiated rem...

Vendor: code-projects
Product: Online Examination
Published: Jul 05, 2026
Source: NVD
CVE-2026-14705 HIGH - 7.3

A vulnerability was determined in code-projects Online Examination 1.0. Affected by this issue is some unknown functionality of the file head.php. Executing a manipulation of the argument uname/password can lead to sql injection. It is possible to launch the attack remotely. The exploit has been pub...

Vendor: code-projects
Product: Online Examination
Published: Jul 05, 2026
Source: NVD
CVE-2026-14704 MEDIUM - 4.3

A vulnerability was found in stephen-kruger bluebox up to 4.5.12. Affected by this vulnerability is an unknown functionality. Performing a manipulation of the argument code results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be ...

Vendor: stephen-kruger
Product: bluebox
Published: Jul 05, 2026
Source: NVD
CVE-2026-14703 MEDIUM - 6.3

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /patientorder.php. Such manipulation of the argument editid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jul 05, 2026
Source: NVD

A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted to ...

Vendor: zcaceres
Product: markdownify-mcp
Published: Jul 05, 2026
Source: NVD
CVE-2026-14701 MEDIUM - 6.3

A vulnerability was detected in code-projects Internship Management System 1.0. This affects an unknown function of the file employer/details/change_password.php of the component Password Change Endpoint. The manipulation of the argument Current results in sql injection. The attack can be executed r...

Vendor: code-projects
Product: Internship Management System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14700 HIGH - 7.3

A security vulnerability has been detected in code-projects Internship Management System 1.0. The impacted element is an unknown function of the file employer/login.php of the component Employer Login Endpoint. The manipulation of the argument email/password leads to sql injection. Remote exploitati...

Vendor: code-projects
Product: Internship Management System
Published: Jul 05, 2026
Source: NVD

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits ac...

Vendor: zcaceres
Product: markdownify-mcp
Published: Jul 05, 2026
Source: NVD
CVE-2026-14698 MEDIUM - 6.3

A security flaw has been discovered in SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0. Impacted is an unknown function of the file upload_files.php. Performing a manipulation results in unrestricted upload. The attack may be initiated remotely. The exploit has been re...

Vendor: SourceCodester
Product: Syllabus-Aligned Learning Management and Examination System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14695 HIGH - 7.3

A vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function save_client of the file classes/Users.php of the component Registration Handler. The manipulation of the argument Name results in sql injection. It is possible to launch the attac...

Vendor: SourceCodester
Product: Multi-Vendor Online Grocery Management System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14694 MEDIUM - 6.3

A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancel_order of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible t...

Vendor: SourceCodester
Product: Multi-Vendor Online Grocery Management System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14693 MEDIUM - 5.4

A flaw has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this vulnerability is the function cancel_order of the file classes/Master.php. Executing a manipulation can lead to improper authorization. The attack may be performed from remote. The exploit has...

Vendor: SourceCodester
Product: Multi-Vendor Online Grocery Management System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14692 MEDIUM - 6.3

A vulnerability was detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. Affected is the function save_shop_type of the file classes/Master.php of the component POST Parameter Handler. Performing a manipulation results in sql injection. The attack is possible to be ca...

Vendor: SourceCodester
Product: Multi-Vendor Online Grocery Management System
Published: Jul 05, 2026
Source: NVD