Total CVEs

143,744

Critical Severity

4,091

High Severity

14,757

Last 7 Days

1,564
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,561 - 1,580 of 40,149 CVEs
CVE-2024-1248 MEDIUM - 4.8

The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wit...

Vendor: wso2
Product: api_manager
Published: Jul 04, 2026
Source: NVD

A flaw has been found in connorskees grass up to 0.13.4. The affected element is the function grass_compiler::raw_to_parse_error of the component UTF-8 Character Handler. Executing a manipulation can lead to denial of service. The attack is restricted to local execution. The exploit has been publish...

Vendor: connorskees
Product: grass
Published: Jul 04, 2026
Source: NVD
CVE-2026-14649 HIGH - 7.3

A vulnerability was detected in code-projects Online Voting System 1.0. Impacted is the function test_input of the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/voterID/selectedCandidate results in sql injection. The attack can be initiated remotely.

Vendor: code-projects
Product: Online Voting System
Published: Jul 04, 2026
Source: NVD
CVE-2026-14648 HIGH - 7.3

A security vulnerability has been detected in code-projects Online Voting System up to 0.x/1.0. This issue affects the function test_input of the file /authentication.php of the component Login. Such manipulation of the argument adminUserName/adminPassword leads to sql injection. It is possible to l...

Vendor: code-projects
Product: Online Voting System
Published: Jul 04, 2026
Source: NVD
CVE-2026-14647 MEDIUM - 4.3

A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInference_opset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been ...

Product: onnx
Published: Jul 04, 2026
Source: NVD
CVE-2026-14642 HIGH - 7.3

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /edit_class2.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit is pub...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jul 04, 2026
Source: NVD
CVE-2026-14641 HIGH - 7.3

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_course.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jul 04, 2026
Source: NVD
CVE-2026-14640 HIGH - 7.3

A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has b...

Vendor: CodeAstro
Product: Apartment Visitor Management System
Published: Jul 04, 2026
Source: NVD
CVE-2026-14639 MEDIUM - 6.3

A vulnerability has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /ecommerce-website-php/customer/my_account.php?edit_account. Such manipulation of the argument c_name leads to sql injection. The attack may be launched remotely. The exploit has been disc...

Vendor: CodeAstro
Product: Ecommerce Website
Published: Jul 04, 2026
Source: NVD
CVE-2026-14638 MEDIUM - 6.3

A flaw has been found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /patient.php. This manipulation of the argument editid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.

Vendor: itsourcecode
Product: Hospital Management System
Published: Jul 04, 2026
Source: NVD
CVE-2026-14637 HIGH - 8.2

A security vulnerability has been detected in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7. The affected element is the function getCartItems in the library application/libraries/ShoppingCart.php. The manipulation of the argument shopping_cart leads to d...

Vendor: kirilkirkov
Product: Ecommerce-CodeIgniter-Bootstrap
Published: Jul 04, 2026
Source: NVD
CVE-2026-12746 HIGH - 8.1

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authentication_url method builds the provider authorization redirect without issuing a state value, and the callback method exchanges the callback code and registers the resulting ...

Vendor: BIAFRA
Product: Dancer2::Plugin::Auth::OAuth::Provider
Published: Jul 04, 2026
Source: NVD
CVE-2026-12740 HIGH - 8.1

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code and registers the resulting token into the session (register_s...

Vendor: CORNELIUS
Product: Plack::Middleware::OAuth
Published: Jul 04, 2026
Source: NVD
CVE-2026-14636 MEDIUM - 5.4

A weakness has been identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 23105f25dadf57b4314fc015a63a7c6e910c89df. Impacted is the function do_upload_others_images of the file application/modules/vendor/controllers/AddProduct.php of the component Vendor Image Manager. Executing a manipula...

Vendor: kirilkirkov
Product: Ecommerce-CodeIgniter-Bootstrap
Published: Jul 04, 2026
Source: NVD
CVE-2026-14635 HIGH - 7.3

A security flaw has been discovered in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 222ff31c06687b1c6d0e1ab63953f82c3674c52b. This issue affects some unknown processing of the file application/modules/vendor/controllers/AddProduct.php of the component Vendor Multi-Image Endpoint. Performing a m...

Vendor: kirilkirkov
Product: Ecommerce-CodeIgniter-Bootstrap
Published: Jul 04, 2026
Source: NVD
CVE-2026-14634 MEDIUM - 4.3

A vulnerability was identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 213babdbaa949e94557246414db0130e01394517. This vulnerability affects the function checkForPostRequests of the file application/core/MY_Controller.php of the component Subscribed Emails Admin Page. Such manipulation o...

Vendor: kirilkirkov
Product: Ecommerce-CodeIgniter-Bootstrap
Published: Jul 04, 2026
Source: NVD
CVE-2026-14633 MEDIUM - 4.3

A vulnerability was determined in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 49b20f53de2b7ec34e920b11c863f1491d911a04. This affects an unknown part of the file /index.php/api/product/set of the component Hidden REST API Endpoint. This manipulation of the argument title/description causes cros...

Vendor: kirilkirkov
Product: Ecommerce-CodeIgniter-Bootstrap
Published: Jul 04, 2026
Source: NVD
CVE-2026-14632 MEDIUM - 4.3

A vulnerability was found in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 95dfa8cebbb87ab46ae450643a07241274a74dce. Affected by this issue is the function setReferrer of the file application/core/MY_Controller.php of the component Trusted Backend Interface. The manipulation of the argument href...

Vendor: kirilkirkov
Product: Ecommerce-CodeIgniter-Bootstrap
Published: Jul 04, 2026
Source: NVD

A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function get_conversation_history of the file 08_agentic_system/memory/langchain/code/smart_customer_service.py of the component Memory Recall Handler. The manipulation leads to use of we...

Vendor: ForceInjection
Product: AI-fundermentals
Published: Jul 04, 2026
Source: NVD
CVE-2026-14629 MEDIUM - 4.3

A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may ...

Product: RT-Thread
Published: Jul 04, 2026
Source: NVD