Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,529
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,521 - 1,540 of 40,198 CVEs
CVE-2026-59511 MEDIUM - 5.3

Insertion of Sensitive Information Into Sent Data vulnerability in Tim Strifler Exclusive Addons Elementor allows Retrieve Embedded Sensitive Data. This issue affects Exclusive Addons Elementor: from n/a through 2.7.9.9.

Vendor: Tim Strifler
Product: Exclusive Addons Elementor
Published: Jul 05, 2026
Source: NVD
CVE-2026-14772 HIGH - 7.3

A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The impacted element is an unknown function of the file /edit_course1.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14771 HIGH - 7.3

A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The affected element is an unknown function of the file /edit_exam1.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publ...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14770 HIGH - 7.3

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_room.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may b...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14769 HIGH - 7.3

A security vulnerability has been detected in code-projects Real State Services 1.0. This issue affects some unknown processing of the file /pay.php. Such manipulation of the argument Bankname leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly an...

Vendor: code-projects
Product: Real State Services
Published: Jul 05, 2026
Source: NVD
CVE-2026-14768 HIGH - 7.3

A weakness has been identified in code-projects Real State Services 1.0. This vulnerability affects unknown code of the file /builderHome.php. This manipulation of the argument loc causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the pub...

Vendor: code-projects
Product: Real State Services
Published: Jul 05, 2026
Source: NVD
CVE-2026-14767 MEDIUM - 6.3

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoice_no results in sql injection. The attack can be executed remot...

Vendor: CodeAstro
Product: Ecommerce Website
Published: Jul 05, 2026
Source: NVD
CVE-2026-14766 MEDIUM - 6.3

A vulnerability was identified in CodeAstro Apartment Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /apartment-visitor/search-result.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection. Remo...

Vendor: CodeAstro
Product: Apartment Visitor Management System
Published: Jul 05, 2026
Source: NVD

AIL Framework contains a path traversal vulnerability in its PDF object handling. Prior to commit 14c618fce4d1df02358717c48ea903706abecdf2, the PDF.get_filepath() function constructed a file path by joining the configured PDF storage directory with a path derived from a PDF object identifier, withou...

Vendor: ail-project
Product: ail-framework
Published: Jul 05, 2026
Source: NVD
CVE-2026-14764 HIGH - 7.3

A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. This impacts an unknown function of the file /admin/add_event.php of the component Event Management Page. Such manipulation of the argument fdetails leads to sql injection. The attack can be launched remotely. The exp...

Vendor: code-projects
Product: Hotel and Tourism Reservation
Published: Jul 05, 2026
Source: NVD
CVE-2026-14763 HIGH - 7.3

A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. This affects an unknown function of the file /admin/tour_reserves.php of the component Tour Reservations Page. This manipulation of the argument tour causes sql injection. The attack can be initiated remotely. The exploit has ...

Vendor: code-projects
Product: Hotel and Tourism Reservation
Published: Jul 05, 2026
Source: NVD
CVE-2026-14762 HIGH - 7.3

A vulnerability was detected in code-projects Hotel and Tourism Reservation 1.0. The impacted element is an unknown function of the file /admin/rooms.php of the component Room Management Page. The manipulation of the argument delete results in sql injection. It is possible to launch the attack remot...

Vendor: code-projects
Product: Hotel and Tourism Reservation
Published: Jul 05, 2026
Source: NVD

A security vulnerability has been detected in radareorg radare2 up to 6.1.6. The affected element is the function r_str_ndup/r_str_append of the file libr/util/str.c. The manipulation leads to integer overflow. An attack has to be approached locally. The exploit has been disclosed publicly and may b...

Vendor: radareorg
Product: radare2
Published: Jul 05, 2026
Source: NVD

A weakness has been identified in radareorg radare2 up to 6.1.6. Impacted is the function r_core_seek_arch_bits of the file libr/core/disasm.c of the component regprofile Handler. Executing a manipulation can lead to use after free. The attack requires local access. The exploit has been made availab...

Vendor: radareorg
Product: radare2
Published: Jul 05, 2026
Source: NVD

A security flaw has been discovered in radareorg radare2 up to 6.1.6. This issue affects the function r_bin_java_inner_classes_attr_calc_size of the file shlr/java/class.c of the component RBinJava Line Number Table Parser. Performing a manipulation results in heap-based buffer overflow. The attack ...

Vendor: radareorg
Product: radare2
Published: Jul 05, 2026
Source: NVD
CVE-2026-9085 HIGH - 8.8

Incorrect Permission Assignment for Critical Resource, Improper Access Control vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus-Parental-Control allows DNS Spoofing. This issue affects Pardus-Parental-Control: from <=0.5.1 before 0.7.0.

Published: Jul 05, 2026
Source: NVD
CVE-2026-6509 HIGH - 7.8

Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Privilege Escalation. This issue affects Pardus Update: from <=0.6.3 before 0.6.6.

Published: Jul 05, 2026
Source: NVD

A vulnerability was identified in radareorg radare2 up to 6.1.6. This vulnerability affects the function cmd_anal_opcode of the file libr/core/cmd_anal.inc.c of the component hexpairs Parser. Such manipulation leads to integer overflow. The attack needs to be performed locally. The exploit is public...

Vendor: radareorg
Product: radare2
Published: Jul 05, 2026
Source: NVD
CVE-2026-14757 MEDIUM - 5.3

A vulnerability was determined in radareorg radare2 up to 6.1.6. This affects the function core_anal_bytes of the file libr/core/cmd_anal.inc. This manipulation causes integer overflow. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. It is sugges...

Vendor: radareorg
Product: radare2
Published: Jul 05, 2026
Source: NVD
CVE-2026-14756 HIGH - 7.3

A vulnerability was found in code-projects Hotel and Tourism Reservation 1.0. Affected by this issue is some unknown functionality of the file /admin/add_tour.php of the component Tour Management Page. The manipulation of the argument delete_image results in sql injection. The attack may be launched...

Vendor: code-projects
Product: Hotel and Tourism Reservation
Published: Jul 05, 2026
Source: NVD