CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-14749
High

A vulnerability was found in mjperpinosa stumasy up to version 327d1b0f2915ba79d7ef8ebb74553e987609d9be in the eval function of application/pages/imba_calculator/calculate.php. Manipulating the mathematical_sentence argument allows remote code injection. The exploit is publicly available and may be used.

CVE-2026-14748
Medium

A server-side request forgery (SSRF) vulnerability has been found in the mcp-wiki/wiki-summary component of AIAnytime Awesome-MCP-Server up to commit a884bb51bcd99e08e14fd712c749d55d9d9a13ab. The attack is performed by manipulating the url argument in mcp-wiki/src/mcp_wiki/server.py and can be initiated remotely. The exploit has been published, and the project has not responded to the issue report.

CVE-2026-14747
High

A SQL Injection vulnerability was found in Real State Services 1.0 in the /addprojectsale.php file. An attacker can remotely manipulate the amen argument, leading to SQL injection.

CVE-2026-14746
High

A SQL injection vulnerability has been detected in code-projects Real State Services 1.0 in the /addprojectrent.php file. An attacker can remotely manipulate the amen argument, leading to SQL injection. The exploit has been publicly disclosed.

CVE-2026-14745
High

A SQL injection vulnerability has been found in Real State Services 1.0 in the /single-list_rent.php file via the ID argument. The attack can be performed remotely and the exploit has been made public.

CVE-2026-14744
High

A SQL injection vulnerability has been discovered in code-projects Real State Services 1.0 in the file /normalHomeRent.php. An attacker can remotely manipulate the loc argument, leading to unauthorized database access. The exploit has been publicly released, increasing the risk of attacks.

CVE-2026-14743
High

A SQL injection vulnerability was found in Real State Services 1.0 in the file /normalHomeSale.php. An attacker can remotely manipulate the 'loc' argument, leading to SQL injection. The exploit is publicly available.

CVE-2026-14742
Low

A vulnerability was found in langgraph library from langchain-ai up to version 1.2.4 in the _freeze function of _cache.py, where the default_cache_key argument causes use of a weak hash function. The attack can be carried out remotely but is difficult to exploit.

CVE-2026-14738
Low

A weak hash function was found in the Vision Feature Cache component of exo-explore exo up to version 1.0.71, specifically in the _image_cache_key function. The vulnerability allows remote attacks but is difficult to exploit due to high complexity. A public exploit is available, and a fix is pending acceptance.

CVE-2026-14737
High

A SQL injection vulnerability was found in Hanwang e-Face General Management Platform 6.3.5.4 in the file /sysAuthStr/querySysAuthStr.do. An attacker can remotely manipulate the order argument, leading to SQL injection. The exploit is publicly available.

CVE-2026-14736
High

A vulnerability was found in Ruijie RG-UAC up to version 1.0-R1.8.2.p5 in the file user_auth_commit.php. An unknown function allows unrestricted file upload via manipulation of the upload_image argument. The attack can be carried out remotely and the exploit has been made public.

CVE-2026-14735
High

A SQL injection vulnerability has been found in Smart Parking System 1.0 in the file /parkings/parkings.php. An unknown function allows manipulation of the street, city, or status arguments, enabling remote SQL injection. The exploit has been publicly disclosed.

CVE-2026-14734
High

A SQL injection vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0 in the /edit_product.php file via the ID argument. The attack can be performed remotely and the exploit has been published.

CVE-2026-14733
High

A SQL injection vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0 in the file /edit_coursea.php. An attacker can remotely manipulate the ID argument, leading to SQL injection. The exploit is publicly available.

CVE-2026-14732
High

A SQL injection vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0 in the /edit_exam.php file via the ID argument. The attack can be performed remotely and the exploit has been publicly disclosed.

CVE-2026-14731
Medium

A SQL injection vulnerability has been found in itsourcecode Hospital Management System 1.0 in the /patientreport.php file. Manipulating the editid argument allows remote exploitation. The exploit has been publicly released, increasing the risk of attacks.

CVE-2026-14730
Medium

A SQL injection vulnerability has been discovered in itsourcecode Hospital Management System 1.0 in the /patientprofile.php file. An attacker can remotely manipulate the patientname argument, leading to SQL injection. The exploit has been publicly released and may be used in attacks.

CVE-2026-14725
Medium

A vulnerability was found in SourceCodester Online Boat Reservation System 1.0 involving an unknown functionality that leads to session expiration. The attack can be launched remotely and the exploit is publicly available.

CVE-2026-14723
Medium

In AD-Security AD_Miner 1.9.0, the Cache Handler component's request_a function in ad_miner/scripts/analyse_cache.py mishandles the sys.argv[1] argument, causing deserialization. The attack requires local access.

CVE-2026-14722
High

A vulnerability was found in TidGi-Desktop up to version 0.13.0 in the Git Repository Import component. An unknown function in loadWikiTiddlersWithSubWikis.ts allows remote code injection. The exploit has been made public.

PreviousPage 6 of 4509Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS