CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-14701
Medium

A SQL injection vulnerability was found in the Internship Management System 1.0 in the file employer/details/change_password.php. An attacker can remotely manipulate the Current argument, leading to SQL injection. The exploit is publicly available.

CVE-2026-14700
High

A SQL injection vulnerability has been found in code-projects Internship Management System 1.0 in the employer/login.php file. An attacker can remotely manipulate the email/password arguments to inject malicious SQL code. Exploit details have been publicly disclosed.

CVE-2026-14698
Medium

A security flaw has been discovered in SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0. An unknown function in upload_files.php allows unrestricted file upload, which can be exploited remotely. The exploit has been publicly released and may be used for attacks.

CVE-2026-14695
High

A SQL injection vulnerability was found in the save_client function of classes/Users.php in SourceCodester Multi-Vendor Online Grocery Management System 1.0. An attacker can remotely manipulate the Name argument, leading to SQL injection. The exploit has been made public.

CVE-2026-14694
Medium

A SQL injection vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0 in the cancel_order function of classes/Master.php. Manipulation of the ID argument in POST requests allows SQL injection. The attack can be performed remotely and the exploit has been publicly disclosed.

CVE-2026-14693
Medium

A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0, affecting the cancel_order function in classes/Master.php. Manipulation of this function can lead to improper authorization. The attack can be performed remotely and an exploit has been published.

CVE-2026-14690
High

A weakness in SourceCodester Multi-Vendor Online Grocery Management System 1.0 affects the save_users function in classes/Users.php, causing improper authorization. Remote exploitation is possible and the exploit is publicly available.

CVE-2026-14689
Medium

A SQL injection vulnerability has been discovered in CodeAstro Apartment Visitor Management System 1.0 in the file /apartment-visitor/add-apartment.php. An attacker can remotely manipulate the apartmentno argument, leading to SQL injection. The exploit has been publicly released.

CVE-2026-14688
High

A SQL injection vulnerability was found in itsourcecode Online Hotel Management System 1.0 in the file /admin/login.php. An attacker can remotely manipulate the email argument, leading to SQL injection. The exploit is publicly available.

CVE-2026-14687
Medium

A vulnerability was found in the InsightEngine component of BettaFish up to version 1.2.1, specifically in the _deduplicate_results function of InsightEngine/agent.py. Input manipulation can lead to partial string comparison, enabling remote attacks. The exploit has been publicly disclosed and may be used.

CVE-2026-14684
Low

A vulnerability has been found in HdrHistogram up to version 2.2.2, involving uncontrolled memory allocation in the decodeFromByteBuffer function of the AbstractHistogram class. The numberOfSignificantValueDigits argument can be manipulated, leading to memory exhaustion. The attack requires local access and an exploit has been published.

CVE-2026-14683
Low

A vulnerability was found in HdrHistogram up to version 2.2.2, involving uncontrolled memory allocation in the decodeFromCompressedByteBuffer function. Manipulating the lengthOfCompressedContents argument can cause excessive memory consumption. The attack requires local access and the exploit is publicly available.

CVE-2026-14660
High

A SQL injection vulnerability was found in Online Job Portal 1.0 in the login.php file. Manipulating the txtUser or txtPass arguments allows remote attackers to execute unauthorized database queries. The exploit has been made public, increasing the risk of exploitation.

CVE-2026-14659
Medium

A SQL injection vulnerability has been found in itsourcecode Hospital Management System 1.0. The issue exists in the /patientappointment.php file, where the patiente argument is vulnerable to manipulation. The attack can be launched remotely, and the exploit has been publicly disclosed.

CVE-2026-14656
Medium

A cross-site scripting vulnerability was found in Assessment Management 1.0 in /admin/remove-user.php. Manipulation of the ID argument allows remote script execution. The exploit is publicly available.

CVE-2026-14655
Low

A cross-site scripting vulnerability has been found in Assessment Management 1.0 in the admin/view-users.php file. Manipulation of the User argument can lead to script execution in the browser. The attack is remotely exploitable and the exploit is publicly available.

CVE-2026-14654
High

A SQL injection vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0 in the file /admin/girlsproductdeletequery.php. An attacker can remotely manipulate the user_id argument, leading to SQL injection. The exploit is publicly available.

CVE-2026-14653
High

A SQL injection vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0 in the file /admin/mensproductdeletequery.php. An attacker can remotely manipulate the user_id argument, leading to SQL injection. The exploit has been publicly disclosed.

CVE-2026-14652
High

A SQL injection vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0 in the file /admin/login.php. An attacker can remotely manipulate the Username argument, leading to SQL injection. The exploit has been made public and could be used.

CVE-2026-14650
Low

A flaw in grass up to version 0.13.4 allows a local denial of service via the grass_compiler::raw_to_parse_error function in the UTF-8 Character Handler component. The project maintainer considers DoS vulnerabilities acceptable in Sass compilers.

PreviousPage 4 of 4494Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS