CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-14717
Medium

A SQL injection vulnerability was found in itsourcecode Hospital Management System 1.0 in the /patientlogin.php file. An attacker can remotely manipulate the loginid argument, leading to unauthorized database access. The exploit is publicly available.

CVE-2026-14716
Medium

A security vulnerability was found in GoClaw up to version 3.13.0-beta.2. The issue affects the MethodRouter.Handle function in internal/gateway/router.go of the WebSocket RPC Handler component, leading to incorrect authorization. The attack can be launched remotely and the exploit has been publicly disclosed.

CVE-2026-14714
Medium

A missing authentication vulnerability exists in the verify_server function of the wx Endpoint component in zhayujie chatgpt-on-wechat CowAgent 2.1.0. The attack can be performed remotely and the exploit is publicly available.

CVE-2026-14713
High

A SQL injection vulnerability has been discovered in SourceCodester Pizzafy E-Commerce System 1.0 in the file /admin/ajax.php?action=confirm_order. An attacker can remotely manipulate the ID argument, leading to SQL injection. The exploit has been publicly released.

CVE-2026-14705
High

A SQL injection vulnerability was found in Online Examination 1.0 in the head.php file via the uname/password arguments. The attack can be launched remotely and the exploit has been publicly disclosed.

CVE-2026-14704
Medium

A vulnerability was found in bluebox up to version 4.5.12, allowing Cross-Site Scripting (XSS) via manipulation of the 'code' argument. The attack can be performed remotely and the exploit has been made public.

CVE-2026-14703
Medium

A SQL Injection vulnerability has been found in itsourcecode Hospital Management System 1.0 in the file /patientorder.php. An unknown function allows manipulation of the editid argument, enabling remote SQL injection. The exploit has been publicly disclosed.

CVE-2026-14702
Low

A vulnerability has been found in zcaceres markdownify-mcp up to version 1.1.0, involving insufficiently random values in the saveToTempFile function of src/Markdownify.ts. The attack requires local access and is difficult to exploit, but an exploit has been published.

CVE-2026-14701
Medium

A SQL injection vulnerability was found in the Internship Management System 1.0 in the file employer/details/change_password.php. An attacker can remotely manipulate the Current argument, leading to SQL injection. The exploit is publicly available.

CVE-2026-14700
High

A SQL injection vulnerability has been found in code-projects Internship Management System 1.0 in the employer/login.php file. An attacker can remotely manipulate the email/password arguments to inject malicious SQL code. Exploit details have been publicly disclosed.

CVE-2026-14698
Medium

A security flaw has been discovered in SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0. An unknown function in upload_files.php allows unrestricted file upload, which can be exploited remotely. The exploit has been publicly released and may be used for attacks.

CVE-2026-14695
High

A SQL injection vulnerability was found in the save_client function of classes/Users.php in SourceCodester Multi-Vendor Online Grocery Management System 1.0. An attacker can remotely manipulate the Name argument, leading to SQL injection. The exploit has been made public.

CVE-2026-14694
Medium

A SQL injection vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0 in the cancel_order function of classes/Master.php. Manipulation of the ID argument in POST requests allows SQL injection. The attack can be performed remotely and the exploit has been publicly disclosed.

CVE-2026-14693
Medium

A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0, affecting the cancel_order function in classes/Master.php. Manipulation of this function can lead to improper authorization. The attack can be performed remotely and an exploit has been published.

CVE-2026-14690
High

A weakness in SourceCodester Multi-Vendor Online Grocery Management System 1.0 affects the save_users function in classes/Users.php, causing improper authorization. Remote exploitation is possible and the exploit is publicly available.

CVE-2026-14689
Medium

A SQL injection vulnerability has been discovered in CodeAstro Apartment Visitor Management System 1.0 in the file /apartment-visitor/add-apartment.php. An attacker can remotely manipulate the apartmentno argument, leading to SQL injection. The exploit has been publicly released.

CVE-2026-14570
High

A vulnerability in the Crypt::DSA library for Perl before version 1.22 causes insecure generation of DSA signing nonces and private keys due to a biased random generator. An attacker with access to a few signatures and the public key can recover the private key using a lattice attack.

CVE-2026-14688
High

A SQL injection vulnerability was found in itsourcecode Online Hotel Management System 1.0 in the file /admin/login.php. An attacker can remotely manipulate the email argument, leading to SQL injection. The exploit is publicly available.

CVE-2026-14687
Medium

A vulnerability was found in the InsightEngine component of BettaFish up to version 1.2.1, specifically in the _deduplicate_results function of InsightEngine/agent.py. Input manipulation can lead to partial string comparison, enabling remote attacks. The exploit has been publicly disclosed and may be used.

CVE-2026-14684
Low

A vulnerability has been found in HdrHistogram up to version 2.2.2, involving uncontrolled memory allocation in the decodeFromByteBuffer function of the AbstractHistogram class. The numberOfSignificantValueDigits argument can be manipulated, leading to memory exhaustion. The attack requires local access and an exploit has been published.

PreviousPage 5 of 4502Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS