Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,525
Quick preset (or use dates below)
Clear Filters
Showing 1,541 - 1,560 of 143,793 CVEs
CVE-2026-14755 HIGH - 7.3

A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/reservations.php of the component Reservations Management Page. The manipulation of the argument delete leads to sql injection. The attack ...

Vendor: code-projects
Product: Hotel and Tourism Reservation
Published: Jul 05, 2026
Source: NVD

Improper null termination vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Pen allows Overflow Buffers. This issue affects Pardus Pen: from <=4.1.5 before 4.2.1.

Vendor: TUBITAK BILGEM Software Technologies Research Institute
Product: Pardus Pen
Published: Jul 05, 2026
Source: NVD
CVE-2026-12250 HIGH - 7.9

Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation. This issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4.

Vendor: TUBITAK BILGEM Software Technologies Research Institute
Product: Pardus Domain Joiner
Published: Jul 05, 2026
Source: NVD
CVE-2026-14754 HIGH - 7.3

A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. Affected is an unknown function of the file /admin/add_room.php. Executing a manipulation of the argument delete_image/edit/description/number/price/rooms/type can lead to sql injection. The attack can be launched remotely. Th...

Vendor: code-projects
Product: Hotel and Tourism Reservation
Published: Jul 05, 2026
Source: NVD
CVE-2026-14753 HIGH - 7.3

A vulnerability was detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This impacts an unknown function of the file /PHP/objects/notes of the component Note Handler/Assignment Handler. Performing a manipulation of the argument assignment_item_id results in authorization ...

Vendor: mjperpinosa
Product: stumasy
Published: Jul 05, 2026
Source: NVD

A security vulnerability has been detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This affects the function add_definition of the file application/PHP/objects/notes/add_into_dictionary.php. Such manipulation of the argument reference leads to cross site scripting. It ...

Vendor: mjperpinosa
Product: stumasy
Published: Jul 05, 2026
Source: NVD
CVE-2026-14751 MEDIUM - 6.3

A weakness has been identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The impacted element is the function Notes_controller::search_scratch_data of the file application/PHP/objects/notes/search_scratch_data.php. This manipulation of the argument field_name causes sql ...

Vendor: mjperpinosa
Product: stumasy
Published: Jul 05, 2026
Source: NVD
CVE-2026-14750 HIGH - 7.3

A security flaw has been discovered in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The affected element is the function Notes_controller::accessing_dictionary_authorization of the file application/PHP/objects/notes/accessing_dictionary_authorization.php. The manipulation of t...

Vendor: mjperpinosa
Product: stumasy
Published: Jul 05, 2026
Source: NVD

An unauthenticated improper input validation vulnerability in the POST /fetch_cve_data endpoint in cve-search. A remote attacker can manipulate request parameters controlling the MongoDB collection, projected fields, and regular-expression filters to read arbitrary application MongoDB collections. T...

Vendor: cve-search
Product: cve-search
Published: Jul 05, 2026
Source: NVD
CVE-2026-14749 HIGH - 7.3

A vulnerability was identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Impacted is the function eval of the file application/pages/imba_calculator/calculate.php. The manipulation of the argument mathematical_sentence leads to code injection. The attack is possible to b...

Vendor: mjperpinosa
Product: stumasy
Published: Jul 05, 2026
Source: NVD
CVE-2026-14748 MEDIUM - 6.3

A flaw has been found in AIAnytime Awesome-MCP-Server up to a884bb51bcd99e08e14fd712c749d55d9d9a13ab. Affected by this issue is some unknown functionality of the file mcp-wiki/src/mcp_wiki/server.py of the component mcp-wiki/wiki-summary. This manipulation of the argument url causes server-side requ...

Vendor: AIAnytime
Product: Awesome-MCP-Server
Published: Jul 05, 2026
Source: NVD
CVE-2026-14747 HIGH - 7.3

A vulnerability was detected in code-projects Real State Services 1.0. Affected by this vulnerability is an unknown functionality of the file /addprojectsale.php. The manipulation of the argument amen results in sql injection. The attack can be launched remotely.

Vendor: code-projects
Product: Real State Services
Published: Jul 05, 2026
Source: NVD
CVE-2026-14746 HIGH - 7.3

A security vulnerability has been detected in code-projects Real State Services 1.0. Affected is an unknown function of the file /addprojectrent.php. The manipulation of the argument amen leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

Vendor: code-projects
Product: Real State Services
Published: Jul 05, 2026
Source: NVD
CVE-2026-14745 HIGH - 7.3

A weakness has been identified in code-projects Real State Services 1.0. This impacts an unknown function of the file /single-list_rent.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the...

Vendor: code-projects
Product: Real State Services
Published: Jul 05, 2026
Source: NVD
CVE-2026-14744 HIGH - 7.3

A security flaw has been discovered in code-projects Real State Services 1.0. This affects an unknown function of the file /normalHomeRent.php. Performing a manipulation of the argument loc results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the...

Vendor: code-projects
Product: Real State Services
Published: Jul 05, 2026
Source: NVD
CVE-2026-14743 HIGH - 7.3

A vulnerability was identified in code-projects Real State Services 1.0. The impacted element is an unknown function of the file /normalHomeSale.php. Such manipulation of the argument loc leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be ...

Vendor: code-projects
Product: Real State Services
Published: Jul 05, 2026
Source: NVD

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function _freeze of the file libs/langgraph/langgraph/_internal/_cache.py of the component Task Result Cache. This manipulation of the argument default_cache_key causes use of weak hash. The attack is p...

Vendor: langchain-ai
Product: langgraph
Published: Jul 05, 2026
Source: NVD

A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function _image_cache_key of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high co...

Vendor: exo-explore
Product: exo
Published: Jul 05, 2026
Source: NVD
CVE-2026-14737 HIGH - 7.3

A vulnerability was identified in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly av...

Vendor: Hanwang
Product: e-Face General Management Platform
Published: Jul 05, 2026
Source: NVD
CVE-2026-14736 HIGH - 7.3

A vulnerability was found in Ruijie RG-UAC up to 1.0-R1.8.2.p5. The impacted element is an unknown function of the file user_auth_commit.php. Performing a manipulation of the argument upload_image results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been...

Vendor: Ruijie
Product: RG-UAC
Published: Jul 05, 2026
Source: NVD