Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,525
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,601 - 1,620 of 40,198 CVEs
CVE-2026-14659 MEDIUM - 6.3

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /patientappointment.php. Such manipulation of the argument patiente leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and...

Vendor: itsourcecode
Product: Hospital Management System
Published: Jul 04, 2026
Source: NVD
CVE-2026-14658 MEDIUM - 6.3

A vulnerability was detected in code-projects Assessment Management 1.0. This vulnerability affects unknown code of the file /lecturer/marking-scheme.php. The manipulation of the argument smarksrange[] results in sql injection. It is possible to launch the attack remotely. The exploit is now public ...

Vendor: code-projects
Product: Assessment Management
Published: Jul 04, 2026
Source: NVD
CVE-2026-14657 MEDIUM - 6.3

A flaw has been found in code-projects Assessment Management 1.0. This issue affects some unknown processing of the file /lecturer/marking-scheme.php of the component Database Query Handler. This manipulation of the argument squestions[] causes sql injection. The attack can be initiated remotely. Th...

Vendor: code-projects
Product: Assessment Management
Published: Jul 04, 2026
Source: NVD
CVE-2026-14656 MEDIUM - 4.3

A security vulnerability has been detected in code-projects Assessment Management 1.0. This affects an unknown part of the file /admin/remove-user.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed pu...

Vendor: code-projects
Product: Assessment Management
Published: Jul 04, 2026
Source: NVD

A weakness has been identified in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file admin/view-users.php. Executing a manipulation of the argument User can lead to cross site scripting. The attack may be performed from remote. The exploit has b...

Vendor: code-projects
Product: Assessment Management
Published: Jul 04, 2026
Source: NVD
CVE-2026-14654 HIGH - 7.3

A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argument user_id leads to sql injection. The attack can be executed remotely. The exploit is publicly av...

Vendor: SourceCodester
Product: Simple and Nice Shopping Cart Script
Published: Jul 04, 2026
Source: NVD
CVE-2026-14653 HIGH - 7.3

A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /admin/mensproductdeletequery.php. This manipulation of the argument user_id causes sql injection. Remote exploitation of the attack is possible. The exploit has be...

Vendor: SourceCodester
Product: Simple and Nice Shopping Cart Script
Published: Jul 04, 2026
Source: NVD
CVE-2026-14652 HIGH - 7.3

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit has b...

Vendor: SourceCodester
Product: Simple and Nice Shopping Cart Script
Published: Jul 04, 2026
Source: NVD

A vulnerability has been found in connorskees grass up to 0.13.4. The impacted element is the function grass_compiler::selector::extend/grass_compiler::evaluate::visitor. The manipulation leads to denial of service. The attack must be carried out locally. The exploit has been disclosed to the public...

Vendor: connorskees
Product: grass
Published: Jul 04, 2026
Source: NVD
CVE-2024-1248 MEDIUM - 4.8

The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username with a local user. This allows the provisioning process to overwrite existing roles of local users wit...

Vendor: wso2
Product: api_manager
Published: Jul 04, 2026
Source: NVD

A flaw has been found in connorskees grass up to 0.13.4. The affected element is the function grass_compiler::raw_to_parse_error of the component UTF-8 Character Handler. Executing a manipulation can lead to denial of service. The attack is restricted to local execution. The exploit has been publish...

Vendor: connorskees
Product: grass
Published: Jul 04, 2026
Source: NVD
CVE-2026-14649 HIGH - 7.3

A vulnerability was detected in code-projects Online Voting System 1.0. Impacted is the function test_input of the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/voterID/selectedCandidate results in sql injection. The attack can be initiated remotely.

Vendor: code-projects
Product: Online Voting System
Published: Jul 04, 2026
Source: NVD
CVE-2026-14648 HIGH - 7.3

A security vulnerability has been detected in code-projects Online Voting System up to 0.x/1.0. This issue affects the function test_input of the file /authentication.php of the component Login. Such manipulation of the argument adminUserName/adminPassword leads to sql injection. It is possible to l...

Vendor: code-projects
Product: Online Voting System
Published: Jul 04, 2026
Source: NVD
CVE-2026-14647 MEDIUM - 4.3

A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInference_opset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been ...

Product: onnx
Published: Jul 04, 2026
Source: NVD
CVE-2026-14642 HIGH - 7.3

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /edit_class2.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit is pub...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jul 04, 2026
Source: NVD
CVE-2026-14641 HIGH - 7.3

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_course.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has...

Vendor: SourceCodester
Product: Class and Exam Timetabling System
Published: Jul 04, 2026
Source: NVD
CVE-2026-14640 HIGH - 7.3

A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has b...

Vendor: CodeAstro
Product: Apartment Visitor Management System
Published: Jul 04, 2026
Source: NVD
CVE-2026-14639 MEDIUM - 6.3

A vulnerability has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /ecommerce-website-php/customer/my_account.php?edit_account. Such manipulation of the argument c_name leads to sql injection. The attack may be launched remotely. The exploit has been disc...

Vendor: CodeAstro
Product: Ecommerce Website
Published: Jul 04, 2026
Source: NVD
CVE-2026-14638 MEDIUM - 6.3

A flaw has been found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /patient.php. This manipulation of the argument editid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.

Vendor: itsourcecode
Product: Hospital Management System
Published: Jul 04, 2026
Source: NVD
CVE-2026-14637 HIGH - 8.2

A security vulnerability has been detected in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7. The affected element is the function getCartItems in the library application/libraries/ShoppingCart.php. The manipulation of the argument shopping_cart leads to d...

Vendor: kirilkirkov
Product: Ecommerce-CodeIgniter-Bootstrap
Published: Jul 04, 2026
Source: NVD