Total CVEs

143,744

Critical Severity

4,091

High Severity

14,757

Last 7 Days

1,564
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,541 - 1,560 of 40,149 CVEs
CVE-2026-14691 MEDIUM - 6.3

A security vulnerability has been detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This impacts the function update_settings_info of the file classes/SystemSettings.php of the component Setting Handler. Such manipulation of the argument content[] leads to code injection....

Vendor: SourceCodester
Product: Multi-Vendor Online Grocery Management System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14690 HIGH - 7.3

A weakness has been identified in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function save_users of the file classes/Users.php. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made available ...

Vendor: SourceCodester
Product: Multi-Vendor Online Grocery Management System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14689 MEDIUM - 6.3

A security flaw has been discovered in CodeAstro Apartment Visitor Management System 1.0. The impacted element is an unknown function of the file /apartment-visitor/add-apartment.php. The manipulation of the argument apartmentno results in sql injection. The attack may be launched remotely. The expl...

Vendor: CodeAstro
Product: Apartment Visitor Management System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14570 HIGH - 7.5

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonc...

Vendor: TIMLEGGE
Product: Crypt::DSA
Published: Jul 05, 2026
Source: NVD
CVE-2026-14688 HIGH - 7.3

A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. The affected element is an unknown function of the file /admin/login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and migh...

Vendor: itsourcecode
Product: Online Hotel Management System
Published: Jul 05, 2026
Source: NVD
CVE-2026-14687 MEDIUM - 5.3

A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function _deduplicate_results of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplication. Executing a manipulation can lead to partial string comparison. The attack can be launched remo...

Vendor: 666ghj
Product: BettaFish
Published: Jul 05, 2026
Source: NVD

A vulnerability was found in HdrHistogram up to 2.2.2. This issue affects the function org.HdrHistogram.DoubleHistogram.recordValue of the file src/main/java/org/HdrHistogram/DoubleHistogram.java of the component Range Check. Performing a manipulation results in incorrect comparison. The attack is o...

Product: HdrHistogram
Published: Jul 05, 2026
Source: NVD

A vulnerability has been found in HdrHistogram up to 2.2.2. This vulnerability affects the function recordValueWithCount of the file src/main/java/org/HdrHistogram/AbstractHistogram.java of the component AbstractHistogram. Such manipulation of the argument Count leads to state issue. The attack can ...

Product: HdrHistogram
Published: Jul 05, 2026
Source: NVD

A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. This manipulation of the argument numberOfSignificantValueDigits causes uncontrolled memory allocati...

Product: HdrHistogram
Published: Jul 05, 2026
Source: NVD

A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument lengthOfCompressedContents results in...

Product: HdrHistogram
Published: Jul 04, 2026
Source: NVD
CVE-2026-14660 HIGH - 7.3

A vulnerability was found in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file login.php. Performing a manipulation of the argument txtUser/txtPass results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be...

Vendor: code-projects
Product: Online Job Portal
Published: Jul 04, 2026
Source: NVD
CVE-2026-14659 MEDIUM - 6.3

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /patientappointment.php. Such manipulation of the argument patiente leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jul 04, 2026
Source: NVD
CVE-2026-14658 MEDIUM - 6.3

A vulnerability was detected in code-projects Assessment Management 1.0. This vulnerability affects unknown code of the file /lecturer/marking-scheme.php. The manipulation of the argument smarksrange[] results in sql injection. It is possible to launch the attack remotely. The exploit is now public ...

Vendor: code-projects
Product: Assessment Management
Published: Jul 04, 2026
Source: NVD
CVE-2026-14657 MEDIUM - 6.3

A flaw has been found in code-projects Assessment Management 1.0. This issue affects some unknown processing of the file /lecturer/marking-scheme.php of the component Database Query Handler. This manipulation of the argument squestions[] causes sql injection. The attack can be initiated remotely. Th...

Vendor: code-projects
Product: Assessment Management
Published: Jul 04, 2026
Source: NVD
CVE-2026-14656 MEDIUM - 4.3

A security vulnerability has been detected in code-projects Assessment Management 1.0. This affects an unknown part of the file /admin/remove-user.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed pu...

Vendor: code-projects
Product: Assessment Management
Published: Jul 04, 2026
Source: NVD

A weakness has been identified in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file admin/view-users.php. Executing a manipulation of the argument User can lead to cross site scripting. The attack may be performed from remote. The exploit has b...

Vendor: code-projects
Product: Assessment Management
Published: Jul 04, 2026
Source: NVD
CVE-2026-14654 HIGH - 7.3

A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argument user_id leads to sql injection. The attack can be executed remotely. The exploit is publicly av...

Vendor: SourceCodester
Product: Simple and Nice Shopping Cart Script
Published: Jul 04, 2026
Source: NVD
CVE-2026-14653 HIGH - 7.3

A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /admin/mensproductdeletequery.php. This manipulation of the argument user_id causes sql injection. Remote exploitation of the attack is possible. The exploit has be...

Vendor: SourceCodester
Product: Simple and Nice Shopping Cart Script
Published: Jul 04, 2026
Source: NVD
CVE-2026-14652 HIGH - 7.3

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit has b...

Vendor: SourceCodester
Product: Simple and Nice Shopping Cart Script
Published: Jul 04, 2026
Source: NVD

A vulnerability has been found in connorskees grass up to 0.13.4. The impacted element is the function grass_compiler::selector::extend/grass_compiler::evaluate::visitor. The manipulation leads to denial of service. The attack must be carried out locally. The exploit has been disclosed to the public...

Vendor: connorskees
Product: grass
Published: Jul 04, 2026
Source: NVD