CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-14706
Medium

A SQL injection vulnerability was found in code-projects Online Examination 1.0 in the quiz creation feature. An attacker can remotely manipulate the name, total, right, wrong, time, tag, desc arguments in /update.php?q=addquiz, leading to SQL injection. The exploit is publicly available.

CVE-2026-14705
High

A SQL injection vulnerability was found in Online Examination 1.0 in the head.php file via manipulation of the uname/password arguments. The attack can be launched remotely and the exploit has been publicly disclosed.

CVE-2026-14704
Medium

A vulnerability was found in bluebox up to version 4.5.12, allowing Cross-Site Scripting (XSS) via manipulation of the 'code' argument. The attack can be performed remotely and the exploit has been made public.

CVE-2026-14703
Medium

A SQL injection vulnerability has been found in itsourcecode Hospital Management System 1.0 in the file /patientorder.php. An unknown function allows manipulation of the editid argument, enabling remote SQL injection. The exploit has been publicly disclosed.

CVE-2026-14702
Low

A flaw in zcaceres markdownify-mcp up to version 1.1.0 causes insufficiently random values in the saveToTempFile function of src/Markdownify.ts. The attack requires local access and is difficult to exploit, but an exploit has been published.

CVE-2026-14701
Medium

A SQL injection vulnerability was found in the Internship Management System 1.0 in the file employer/details/change_password.php. An attacker can remotely manipulate the Current argument, leading to SQL injection. The exploit is publicly available.

CVE-2026-14700
High

A security vulnerability has been detected in code-projects Internship Management System 1.0. The impacted element is an unknown function of the file employer/login.php of the component Employer Login Endpoint. The manipulation of the argument email/password leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

CVE-2026-14699
Low

A vulnerability has been discovered in zcaceres markdownify-mcp up to version 1.1.0, involving symlink following in the assertPathAllowed function of src/Markdownify.ts. The attack can only be executed locally.

CVE-2026-14698
Medium

A security flaw in SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0 allows unrestricted file upload via upload_files.php. The vulnerability can be exploited remotely and a public exploit is available.

CVE-2026-14695
High

A SQL injection vulnerability was found in the save_client function of the classes/Users.php file in SourceCodester Multi-Vendor Online Grocery Management System 1.0. An attacker can remotely manipulate the Name argument, leading to SQL injection. The exploit has been made public and could be used.

CVE-2026-14694
Medium

A SQL injection vulnerability was found in the cancel_order function of classes/Master.php in SourceCodester Multi-Vendor Online Grocery Management System 1.0. An attacker can remotely manipulate the ID argument, leading to SQL injection.

CVE-2026-14693
Medium

A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0, affecting the cancel_order function in classes/Master.php. Manipulation of this function can lead to improper authorization. The attack can be performed remotely and the exploit is publicly available.

CVE-2026-14692
Medium

A SQL injection vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. The issue affects the save_shop_type function in classes/Master.php, which mishandles POST parameters. The attack can be performed remotely and the exploit is publicly available.

CVE-2026-14691
Medium

A security vulnerability has been detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0, involving code injection in the update_settings_info function of classes/SystemSettings.php. The attack can be executed remotely, and the exploit has been publicly disclosed.

CVE-2026-14690
High

A weakness in SourceCodester Multi-Vendor Online Grocery Management System 1.0 affects the save_users function in classes/Users.php, causing improper authorization. Remote exploitation is possible without authentication, and a public exploit increases attack risk.

CVE-2026-14689
Medium

A SQL injection vulnerability has been discovered in CodeAstro Apartment Visitor Management System 1.0 in the file /apartment-visitor/add-apartment.php. An attacker can remotely manipulate the apartmentno argument, leading to unauthorized database access. The exploit has been publicly released, increasing the risk of attacks.

CVE-2026-14570
High

A vulnerability in the Crypt::DSA library for Perl before version 1.22 causes the DSA signing nonce and private key to be drawn from a biased random generator, enabling private key recovery. An attacker with the public key and a modest number of signatures can perform a lattice attack to recover the private key.

CVE-2026-14688
High

A SQL injection vulnerability was found in itsourcecode Online Hotel Management System 1.0 in the file /admin/login.php. The attack involves manipulating the email argument, allowing remote SQL injection. The exploit is publicly available.

CVE-2026-14687
Medium

A vulnerability was found in the InsightEngine component of BettaFish up to version 1.2.1, specifically in the _deduplicate_results function of InsightEngine/agent.py. Input manipulation leads to partial string comparison, allowing remote exploitation. The exploit has been publicly disclosed and may be used.

CVE-2026-14686
Low

A vulnerability was found in HdrHistogram up to version 2.2.2 in the `org.HdrHistogram.DoubleHistogram.recordValue` function. The issue involves an incorrect comparison in the Range Check component, leading to potential manipulation. The attack requires local access and the exploit has been made public.

PreviousPage 14 of 4515Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS