CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-14732
High

A SQL injection vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0 in the /edit_exam.php file via the ID argument. The attack can be performed remotely and the exploit has been publicly disclosed.

CVE-2026-14731
Medium

A SQL injection vulnerability has been found in itsourcecode Hospital Management System 1.0 in the /patientreport.php file. Manipulating the editid argument allows remote exploitation. The exploit has been publicly released, increasing the risk of attacks.

CVE-2026-14730
Medium

A SQL injection vulnerability has been discovered in itsourcecode Hospital Management System 1.0 in the /patientprofile.php file. An attacker can remotely manipulate the patientname argument, leading to SQL injection. The exploit has been publicly released and may be used in attacks.

CVE-2026-14725
Medium

A vulnerability was found in SourceCodester Online Boat Reservation System 1.0 involving an unknown functionality that leads to session expiration. The attack can be launched remotely and the exploit is publicly available.

CVE-2026-14723
Medium

In AD-Security AD_Miner 1.9.0, the Cache Handler component's request_a function in ad_miner/scripts/analyse_cache.py mishandles the sys.argv[1] argument, causing deserialization. The attack requires local access.

CVE-2026-14722
High

A vulnerability was found in TidGi-Desktop up to version 0.13.0 in the Git Repository Import component. An unknown function in loadWikiTiddlersWithSubWikis.ts allows remote code injection. The exploit has been made public.

CVE-2026-14721
High

A vulnerability was found in UTT HiPER 1250GW up to version 3.2.7-210907-180535 in the file /goform/ConfigWirelessBase_5g. Manipulation of the ssid argument leads to a stack-based buffer overflow, exploitable remotely. The exploit has been publicly disclosed.

CVE-2026-14719
High

A vulnerability was found in SourceCodester Online Examination & Learning Management System 1.0 in the register.php file. Manipulating the 'role' argument during user registration allows improper privilege management. The attack can be executed remotely and an exploit has been published.

CVE-2026-14781
Medium

A flaw in the org.keycloak.broker.oidc package causes incorrect synchronization of the email_verified claim. When an OIDC provider has trustEmail=true and userinfo endpoint enabled, Keycloak retrieves the email from userinfo but the email_verified status only from the id_token. Lack of validation allows applying the verified status to any email address from userinfo.

CVE-2026-14717
Medium

A SQL injection vulnerability was found in itsourcecode Hospital Management System 1.0 in the /patientlogin.php file. An attacker can remotely manipulate the loginid argument, leading to unauthorized database access. The exploit is publicly available.

CVE-2026-14716
Medium

A security vulnerability was found in GoClaw up to version 3.13.0-beta.2. The issue affects the MethodRouter.Handle function in internal/gateway/router.go of the WebSocket RPC Handler component, leading to incorrect authorization. The attack can be launched remotely and the exploit has been publicly disclosed.

CVE-2026-14714
Medium

A missing authentication vulnerability exists in the verify_server function of the wx Endpoint component in zhayujie chatgpt-on-wechat CowAgent 2.1.0. The attack can be performed remotely and the exploit is publicly available.

CVE-2026-14713
High

A SQL injection vulnerability has been discovered in SourceCodester Pizzafy E-Commerce System 1.0 in the file /admin/ajax.php?action=confirm_order. An attacker can remotely manipulate the ID argument, leading to SQL injection. The exploit has been publicly released.

CVE-2026-14706
Medium

A SQL injection vulnerability was found in the Online Examination 1.0 system in the quiz creation feature. An attacker can remotely manipulate the name/total/right/wrong/time/tag/desc arguments in /update.php?q=addquiz, leading to SQL injection. The exploit is publicly available.

CVE-2026-14705
High

A SQL injection vulnerability was found in Online Examination 1.0 in the head.php file via the uname/password arguments. The attack can be launched remotely and the exploit has been publicly disclosed.

CVE-2026-14704
Medium

A vulnerability was found in bluebox up to version 4.5.12, allowing Cross-Site Scripting (XSS) via manipulation of the 'code' argument. The attack can be performed remotely and the exploit has been made public.

CVE-2026-14703
Medium

A SQL Injection vulnerability has been found in itsourcecode Hospital Management System 1.0 in the file /patientorder.php. An unknown function allows manipulation of the editid argument, enabling remote SQL injection. The exploit has been publicly disclosed.

CVE-2026-14702
Low

A vulnerability has been found in zcaceres markdownify-mcp up to version 1.1.0, involving insufficiently random values in the saveToTempFile function of src/Markdownify.ts. The attack requires local access and is difficult to exploit, but an exploit has been published.

CVE-2026-14701
Medium

A SQL injection vulnerability was found in the Internship Management System 1.0 in the file employer/details/change_password.php. An attacker can remotely manipulate the Current argument, leading to SQL injection. The exploit is publicly available.

CVE-2026-14700
High

A SQL injection vulnerability has been found in code-projects Internship Management System 1.0 in the employer/login.php file. An attacker can remotely manipulate the email/password arguments to inject malicious SQL code. Exploit details have been publicly disclosed.

PreviousPage 9 of 4511Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS