CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-14770
High

A SQL injection vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0 in the /edit_room.php file. An attacker can remotely manipulate the ID argument, leading to SQL injection. The exploit is publicly available.

CVE-2026-14769
High

A SQL Injection vulnerability has been detected in code-projects Real State Services 1.0. The issue occurs in the /pay.php file, where the Bankname argument is vulnerable to manipulation. The attack can be performed remotely, and the exploit has been publicly disclosed.

CVE-2026-14768
High

A SQL injection vulnerability has been found in code-projects Real State Services 1.0 in the /builderHome.php file via the loc parameter. The attack can be performed remotely and the exploit is publicly available.

CVE-2026-14767
Medium

A SQL injection vulnerability has been discovered in CodeAstro Ecommerce Website 1.0 in the file /ecommerce-website-php/customer/confirm.php. An attacker can remotely manipulate the invoice_no parameter, leading to unauthorized database access. The exploit has been publicly released, increasing the risk of attacks.

CVE-2026-14766
Medium

A SQL injection vulnerability was found in CodeAstro Apartment Visitor Management System 1.0 in the file /apartment-visitor/search-result.php. An attacker can remotely manipulate the searchdata argument, leading to SQL injection. The exploit is publicly available.

CVE-2026-59510
High

AIL Framework contains a path traversal vulnerability in its PDF object handling. The PDF.get_filepath() function constructs a file path by joining the configured PDF storage directory with a PDF object identifier without verifying the resolved path stays within the intended PDF_FOLDER directory. An authenticated attacker can use a crafted identifier to read files outside this directory.

CVE-2026-14764
High

A SQL injection vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0 in the /admin/add_event.php file. An attacker can remotely manipulate the fdetails argument, leading to SQL injection. The exploit has been publicly disclosed.

CVE-2026-14763
High

A SQL injection vulnerability has been found in Hotel and Tourism Reservation 1.0 in the file /admin/tour_reserves.php. An attacker can remotely manipulate the tour argument, leading to SQL injection. The exploit has been published and may be used.

CVE-2026-14762
High

A SQL Injection vulnerability was found in Hotel and Tourism Reservation 1.0 in the /admin/rooms.php file. Manipulation of the delete argument in the room management function allows an attacker to inject malicious SQL code. The attack can be performed remotely and the exploit is publicly available.

CVE-2026-14761
Low

An integer overflow vulnerability has been detected in radare2 up to version 6.1.6 in the functions r_str_ndup and r_str_append within libr/util/str.c. The attack requires local access and the exploit has been publicly disclosed.

CVE-2026-14760
Low

A use-after-free vulnerability has been found in radare2 up to version 6.1.6 in the r_core_seek_arch_bits function within libr/core/disasm.c, in the regprofile handler component. Manipulation can lead to use after free.

CVE-2026-14759
Low

A security flaw in radare2 up to version 6.1.6 affects the function r_bin_java_inner_classes_attr_calc_size in shlr/java/class.c, part of the RBinJava Line Number Table Parser. Manipulation leads to a heap-based buffer overflow. The attack requires local access and the exploit has been made public.

CVE-2026-9085
High

A vulnerability in Pardus-Parental-Control (versions up to 0.5.1 before 0.7.0) is caused by incorrect permission assignment for critical resources and improper access control. This allows an attacker to perform DNS Spoofing, i.e., impersonate a DNS server and redirect network traffic.

CVE-2026-6509
High

Missing authorization in Pardus Update allows privilege escalation. The vulnerability affects versions 0.6.3 and earlier, before version 0.6.6.

CVE-2026-14758
Low

A vulnerability was found in radare2 up to version 6.1.6 in the cmd_anal_opcode function of libr/core/cmd_anal.inc.c within the hexpairs Parser component. Data manipulation leads to an integer overflow. The attack requires local access and an exploit is publicly available.

CVE-2026-14757
Medium

A vulnerability was found in radareorg radare2 up to version 6.1.6 in the core_anal_bytes function of libr/core/cmd_anal.inc. Manipulation leads to integer overflow. The attack requires local access and the exploit has been publicly disclosed.

CVE-2026-14756
High

A SQL injection vulnerability was found in Hotel and Tourism Reservation 1.0 in the file /admin/add_tour.php. Manipulation of the delete_image argument allows SQL injection. The attack can be launched remotely and the exploit is publicly available.

CVE-2026-14755
High

A SQL Injection vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0 in the file /admin/reservations.php. An unknown functionality of the Reservations Management Page allows manipulation of the delete argument, leading to SQL injection. The attack can be initiated remotely, and the exploit has been publicly disclosed.

CVE-2026-12386
Low

A vulnerability in Pardus Pen (TUBITAK BILGEM) due to improper null termination leads to buffer overflow. It affects versions <=4.1.5 before 4.2.1.

CVE-2026-12250
High

A vulnerability in Pardus Domain Joiner allows sensitive information to be exposed during process invocation, enabling its extraction. The issue affects versions from 0.5.2 before 0.5.4.

PreviousPage 7 of 4511Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS