CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2026-59509 Unauthenticated arbitrary MongoDB collection read in cve-search 05.07.2026 9.2
CVE-2026-58426 Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write 03.07.2026 9.6
CVE-2026-20896 Gitea Docker image trusts spoofable reverse-proxy headers by default 05.07.2026 9.8
CVE-2026-22874 Gitea webhook and migration allow-list filtering permits SSRF 03.07.2026 9.6
CVE-2026-58289 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability 03.07.2026 9
CVE-2026-4321 SQLi in Raera's Destekz 03.07.2026 9.8
CVE-2026-14544 Hplip: incomplete fix for CVE-2026-8631 03.07.2026 9.8
CVE-2026-9725 Printcart Web to Print Product Designer for WooCommerce <= 2.5.2 - Unauthenticated Arbitrary File Deletion 03.07.2026 9.1
CVE-2026-13768 Gardyn IoT Hub Use of Hard-coded Credentials 02.07.2026 9.5
CVE-2026-13368 WatchGuard Firebox Race Condition and Use-After-Free in Mobile VPN with IKEv2 LDAP Authentication 02.07.2026 9.2
CVE-2026-41106 Microsoft 365 Copilot Elevation of Privilege Vulnerability 03.07.2026 9.3
CVE-2026-45499 Azure OpenAI Elevation of Privilege Vulnerability 03.07.2026 9.9
CVE-2026-57100 Microsoft Entra Provisioning Service Elevation of Privilege Vulnerability 03.07.2026 9.9
CVE-2026-52830 fast-mcp-telegram: Bearer token path traversal bypasses reserved Telegram session protection 02.07.2026 9.4
CVE-2026-58466 AutoBangumi < 3.2.8 - Hard-coded Default Credentials via add_default_user() 02.07.2026 9.3
CVE-2026-59099 Apereo CAS 7.3.0 < 8.0.0-RC6 - AES-GCM Nonce Reuse Information Disclosure 02.07.2026 9.3
CVE-2022-50973 Yonyou KSOA 9.0 Unauthenticated File Upload RCE via ImageUpload Servlet 02.07.2026 9.3
CVE-2024-14037 Redsea Cloud eHR Unauthenticated File Upload RCE via PtFjk.mob 02.07.2026 9.3
CVE-2026-44935 Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer 03.07.2026 9.9
CVE-2026-58455 Dockwatch 0.6.567 Unauthenticated OS Command Injection via ajax/compose.php 02.07.2026 9.2
CVE-2026-50746 02.07.2026 10
CVE-2026-50747 02.07.2026 9.9
CVE-2026-50748 02.07.2026 9.9
CVE-2026-54400 02.07.2026 9.1
CVE-2026-54402 02.07.2026 9.9
CVE-2026-55115 02.07.2026 9.9
CVE-2026-55116 02.07.2026 9
CVE-2026-56004 obs-service-tar_scm: command injection via mercurial handler 02.07.2026 10
CVE-2026-4767 Improper Access Control in TR7's WAF-ASP 02.07.2026 9.8
CVE-2026-5524 Divi Form Builder <= 5.1.8 - Unauthenticated Arbitrary File Upload Leading to Remote Code Execution via 'acceptFileTypes' Parameter 02.07.2026 9.8
CVE-2026-27419 WordPress Zegen theme <= 1.1.9 - Arbitrary File Upload vulnerability 02.07.2026 9.9
CVE-2026-27436 WordPress Five Star Business Profile and Schema plugin <= 2.3.19 - Arbitrary Code Execution vulnerability 02.07.2026 9.1
CVE-2026-57621 WordPress Booktics plugin <= 1.0.21 - PHP Object Injection vulnerability 02.07.2026 9.8
CVE-2026-57623 WordPress W3 Total Cache plugin <= 2.9.4 - Arbitrary Code Execution vulnerability 02.07.2026 9
CVE-2026-57624 WordPress Blocksy Companion Pro plugin <= 2.1.46 - Remote Code Execution (RCE) vulnerability 02.07.2026 10
CVE-2026-57625 WordPress Admin and Site Enhancements (ASE) Pro plugin <= 8.8.5 - Cross Site Scripting (XSS) vulnerability 02.07.2026 9.6
CVE-2026-57677 WordPress Novalnet Payment Gateway for WooCommerce plugin <= 12.10.3 - PHP Object Injection vulnerability 02.07.2026 9.8
CVE-2026-57679 WordPress GeekyBot plugin <= 1.2.5 - SQL Injection vulnerability 02.07.2026 9.3
CVE-2026-57683 WordPress WP Fast Total Search plugin <= 1.80.280 - SQL Injection vulnerability 02.07.2026 9.3
CVE-2026-14439 Path Traversal in Altium Git Service Allows Remote Code Execution 02.07.2026 9.4
CVE-2026-58457 Shenzhen Aitemi M300 MT02 Unauthenticated OS Command Injection via protocol.csp 01.07.2026 9.3
CVE-2026-50160 Mass Assignment via Onboarding Endpoint Allows Unauthenticated JWT_SECRET Overwrite 02.07.2026 10
CVE-2026-34108 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in text.php 02.07.2026 9.3
CVE-2026-34109 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speech.php 01.07.2026 9.3
CVE-2026-34110 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in complex_start.php 01.07.2026 9.3
CVE-2026-34111 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speechmac_text.php 01.07.2026 9.3
CVE-2026-34112 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speechmac.php 01.07.2026 9.3
CVE-2026-34113 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speech_text.php 01.07.2026 9.3
CVE-2026-34114 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in translate_text.php 02.07.2026 9.3
CVE-2026-34115 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in transcribe_amazon.php 01.07.2026 9.3
CVE-2026-34116 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in transcribe.php 01.07.2026 9.3
CVE-2026-34117 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in text_to_subtitles.php 01.07.2026 9.3
CVE-2026-34099 Guardian Language-System Unauthenticated SQL Injection via id Parameter in job_info.php 02.07.2026 9.3
CVE-2026-34100 Guardian Language-System Unauthenticated SQL Injection via id Parameter in media.php 01.07.2026 9.3
CVE-2026-34101 Guardian Language-System Unauthenticated SQL Injection via id Parameter in text_file.php 01.07.2026 9.3
CVE-2026-34102 Guardian Language-System Unauthenticated SQL Injection via id Parameter in job_info_get.php 01.07.2026 9.3
CVE-2026-34103 Guardian Language-System Unauthenticated SQL Injection via id Parameter in subtitles.php 01.07.2026 9.3
CVE-2026-34104 Guardian Language-System Unauthenticated SQL Injection via name Parameter in designer.php 01.07.2026 9.3
CVE-2026-34105 Guardian Language-System Unauthenticated SQL Injection via id Parameter in translate_text.php 02.07.2026 9.3
CVE-2026-34106 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in subtitles.php 01.07.2026 9.3
CVE-2026-34107 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in translate.php 01.07.2026 9.3
CVE-2026-58453 JAIOTlink C492A-W6 4.8.30.57701411 Hard-coded Credentials via anyka_ipc 01.07.2026 9.3
CVE-2025-23350 01.07.2026 9
CVE-2025-23351 01.07.2026 9
CVE-2026-24270 01.07.2026 9.8
CVE-2026-57517 Control Web Panel < 0.9.8.1225 Blind SQL Injection via userRes Parameter 02.07.2026 9.3
CVE-2026-58126 PACSgear PACS Scan 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service 01.07.2026 9.3
CVE-2026-58127 PACSgear MediaWriter 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service 01.07.2026 9.3
CVE-2026-23537 Feast: unauthenticated arbitrary file write 02.07.2026 9.1
CVE-2026-13603 SSRF with API key leak in pretix-oppwa 01.07.2026 9
CVE-2026-57692 WordPress PrivateContent plugin <= 9.9.2 - Privilege Escalation vulnerability 01.07.2026 9.8
CVE-2026-14198 @fastify/middie vulnerable to authorization bypass via encoded slash in path parameter values 01.07.2026 9.1
CVE-2026-10539 Unauthenticated command injection in Control-M/Server communication command 01.07.2026 9.5
CVE-2026-11387 SMS Alert <= 3.9.5 - Unauthenticated Privilege Escalation via Arbitrary Password Reset 01.07.2026 9.8
CVE-2026-6070 WP-BusinessDirectory <= 4.0.1 - Unauthenticated Arbitrary File Deletion via Path Traversal via '_filename' Parameter 01.07.2026 9.1
CVE-2026-7839 UltraVNC repeater ships hardcoded default admin password allowing unauthenticated admin access 01.07.2026 9.1
CVE-2026-7840 UltraVNC repeater HTTP server global buffer overflow via long URI (pre-auth RCE) 01.07.2026 9.3
CVE-2026-53488 containerd CRI plugin: image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull 03.07.2026 9.4
CVE-2026-50110 Use of Hard-coded Credentials in StoneFly Storage Concentrator 01.07.2026 9.3
CVE-2026-55721 SQL Injection in StoneFly Storage Concentrator 01.07.2026 9.2
CVE-2026-56413 OS Command Injection in StoneFly Storage Concentrator 01.07.2026 10
CVE-2026-56415 OS Command Injection in StoneFly Storage Concentrator 01.07.2026 10
CVE-2026-56264 Crawl4AI - Arbitrary JavaScript Execution via /execute_js Endpoint 01.07.2026 9.2
CVE-2026-56278 Flowise - Session Hijacking via Weak Default Express Session Secret 01.07.2026 9.3
CVE-2026-56700 Grav - Multiple Remote Code Execution Vulnerabilities via Unsafe Unserialize and Command Injection 01.07.2026 9.3
CVE-2026-50003 OFFIS DCMTK Toolkit Path Traversal 01.07.2026 9.3
CVE-2026-58449 txtai - Unauthenticated Remote Code Execution via Unsafe Reflection in API /reindex function Parameter 01.07.2026 9.3
CVE-2026-10109 IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling 01.07.2026 9.8
CVE-2026-10134 Unauthenticated Server-Side RCE via PythonCodeStructuredTool in Public Flows 01.07.2026 10
CVE-2026-10140 Cross-Tenant API Key Reuse and Billing Fraud in Langflow Voice Mode Subsystem 02.07.2026 9.6
CVE-2026-11708 IBM WebSphere Application Server is affected by a cross-site scripting vulnerability 01.07.2026 9.3
CVE-2026-11712 IBM WebSphere Application Server is affected by a cross-site scripting vulnerability 01.07.2026 9.3
CVE-2026-7663 Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass 01.07.2026 9.1
CVE-2026-7803 Flow Validation Bypass via Empty Component Type Field 01.07.2026 9.8
CVE-2026-7871 Insecure Deserialization in Redis Cache Backend 01.07.2026 9.8
CVE-2026-7873 Code Injection Vulnerability in Code Validation Endpoint 01.07.2026 9.9
CVE-2026-7874 Weak Cryptographic Key Derivation Exposed All Stored Credentials 02.07.2026 9.1
CVE-2026-58138 Orkes Conductor 3.21.21 < 3.30.2 Unauthenticated RCE via GraalVM Script Evaluators 01.07.2026 9.3
CVE-2026-58172 Ocelot - IP Allow/Block List Bypass for WebSocket Upgrade Requests 02.07.2026 9.3
CVE-2026-58370 Woodpecker < 3.15.0 - GitLab Approval Gate Bypass via Spoofable Commit Author Name 02.07.2026 9.2
CVE-2026-48276 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434) 01.07.2026 10
CVE-2026-48277 ColdFusion | Improper Input Validation (CWE-20) 01.07.2026 10
CVE-2026-48281 ColdFusion | Improper Input Validation (CWE-20) 01.07.2026 10
CVE-2026-48282 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) 01.07.2026 10
CVE-2026-48283 ColdFusion | Unrestricted Upload of File with Dangerous Type (CWE-434) 01.07.2026 10
CVE-2026-48286 Adobe Campaign Classic (ACC) | Incorrect Authorization (CWE-863) 01.07.2026 10
CVE-2026-48313 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) 30.06.2026 9.3
CVE-2026-48315 ColdFusion | Improper Input Validation (CWE-20) 01.07.2026 9.3
CVE-2026-58116 LLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model Path 30.06.2026 9.3
CVE-2026-6556 @fastify/express vulnerable to middleware bypass via non-string mount paths in prefixed plugins 30.06.2026 9.1
CVE-2026-44946 SAML Authentication Replay in Rancher 01.07.2026 9.5
CVE-2026-14162 Advantech|Hospital Quering Management - Missing Authentication 30.06.2026 9.3
CVE-2026-53690 SQL Injection in Redeight CMS 30.06.2026 9.3
CVE-2026-8402 SQLi in Exagate's SYSGUARD 6001 30.06.2026 9.8
CVE-2026-12076 SQL Injection in Raytha CMS 30.06.2026 9.3
CVE-2026-9711 EventON - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection via Search Parameter 30.06.2026 9.8
CVE-2026-12818 DVP-12SE Exposure of Sensitive Information Vulnerability 30.06.2026 9.3
CVE-2026-12819 DVP-12SE Missing Authentication and Unauthorized Write access Vulnerability 30.06.2026 9.3
CVE-2026-12073 ProfileGrid - User Profiles, Groups and Communities <= 5.9.9.5 - Unauthenticated Privilege Escalation via Email Overwrite 30.06.2026 9.8
CVE-2026-57498 Coolify Cross-Team IDOR: Livewire Components Accept Unscoped server_id and destination_uuid — Deploy to Other Teams' Servers 30.06.2026 9.6
CVE-2026-11720 Path Traversal in googleapis/mcp-toolbox HTTP Tool URL Builder 29.06.2026 9.3
CVE-2026-56782 Gorse - Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints 30.06.2026 9.3
CVE-2026-41052 Rancher Privilege Escalation from Project Owner to Host 30.06.2026 9.4
CVE-2026-56290 Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0 05.07.2026 10
CVE-2026-57331 WordPress Paid Videochat Turnkey Site plugin <= 7.4.8 - Arbitrary File Deletion vulnerability 29.06.2026 9.9

Latest Updates

CVE Title Updated Score
CVE-2026-14759 radareorg radare2 RBinJava Line Number Table class.c r_bin_java_inner_classes_attr_calc_size heap-based overflow 05.07.2026
CVE-2026-14760 radareorg radare2 regprofile disasm.c r_core_seek_arch_bits use after free 05.07.2026
CVE-2026-14757 radareorg radare2 cmd_anal.inc core_anal_bytes integer overflow 05.07.2026
CVE-2026-14758 radareorg radare2 hexpairs cmd_anal.inc.c cmd_anal_opcode integer overflow 05.07.2026
CVE-2026-6509 Privilege Escalation in TUBITAK BILGEM's Pardus Update 05.07.2026 7.8
CVE-2026-12250 Sensitive Data Exposure in TUBITAK BILGEM's Pardus Domain Joiner 05.07.2026 7.9
CVE-2026-12386 Buffer Overflow in TUBITAK BILGEM's Pardus Pen 05.07.2026 3.9
CVE-2026-14755 code-projects Hotel and Tourism Reservation Reservations Management reservations.php sql injection 05.07.2026
CVE-2026-14756 code-projects Hotel and Tourism Reservation Tour Management add_tour.php sql injection 05.07.2026
CVE-2026-9085 DNS Hijacking in TUBITAK BILGEM's Pardus-Parental-Control 05.07.2026 8.8
CVE-2026-14752 mjperpinosa stumasy add_into_dictionary.php add_definition cross site scripting 05.07.2026
CVE-2026-14753 mjperpinosa stumasy Note Handler/Assignment notes authorization 05.07.2026
CVE-2026-14754 code-projects Hotel and Tourism Reservation add_room.php sql injection 05.07.2026
CVE-2026-14750 mjperpinosa stumasy accessing_dictionary_authorization.php accessing_dictionary_authorization sql injection 05.07.2026
CVE-2026-14751 mjperpinosa stumasy search_scratch_data.php search_scratch_data sql injection 05.07.2026
CVE-2026-14749 mjperpinosa stumasy calculate.php eval code injection 05.07.2026
CVE-2026-14747 code-projects Real State Services addprojectsale.php sql injection 05.07.2026
CVE-2026-14748 AIAnytime Awesome-MCP-Server mcp-wiki/wiki-summary server.py server-side request forgery 05.07.2026
CVE-2026-59509 Unauthenticated arbitrary MongoDB collection read in cve-search 05.07.2026
CVE-2026-14745 code-projects Real State Services single-list_rent.php sql injection 05.07.2026
CVE-2026-14746 code-projects Real State Services addprojectrent.php sql injection 05.07.2026
CVE-2026-14743 code-projects Real State Services normalHomeSale.php sql injection 05.07.2026
CVE-2026-14744 code-projects Real State Services normalHomeRent.php sql injection 05.07.2026
CVE-2026-14737 Hanwang e-Face General Management Platform querySysAuthStr.do sql injection 05.07.2026
CVE-2026-14738 exo-explore exo Vision Feature Cache vision.py _image_cache_key weak hash 05.07.2026
CVE-2026-14742 langchain-ai langgraph Task Result Cache _cache.py _freeze weak hash 05.07.2026
CVE-2026-14734 SourceCodester Class and Exam Timetabling System edit_product.php sql injection 05.07.2026
CVE-2026-14735 code-projects Smart Parking System parkings.php sql injection 05.07.2026
CVE-2026-14736 Ruijie RG-UAC user_auth_commit.php unrestricted upload 05.07.2026
CVE-2026-14730 itsourcecode Hospital Management System patientprofile.php sql injection 05.07.2026
CVE-2026-14731 itsourcecode Hospital Management System patientreport.php sql injection 05.07.2026
CVE-2026-14732 SourceCodester Class and Exam Timetabling System edit_exam.php sql injection 05.07.2026
CVE-2026-14733 SourceCodester Class and Exam Timetabling System edit_coursea.php sql injection 05.07.2026
CVE-2026-14719 SourceCodester Online Examination & Learning Management System Registration Endpoint register.php privileges management 05.07.2026
CVE-2026-14721 UTT HiPER 1250GW Web Endpoint ConfigWirelessBase_5g stack-based overflow 05.07.2026
CVE-2026-14722 tiddly-gittly TidGi-Desktop Git Repository Import loadWikiTiddlersWithSubWikis.ts code injection 05.07.2026
CVE-2026-14723 AD-Security AD_Miner Cache analyse_cache.py request_a deserialization 05.07.2026
CVE-2026-14725 SourceCodester Online Boat Reservation System session expiration 05.07.2026
CVE-2026-14717 itsourcecode Hospital Management System patientlogin.php sql injection 05.07.2026
CVE-2026-14781 Keycloak-services: oidc email_verified claim incorrectly applied to userinfo email 05.07.2026
CVE-2026-14704 stephen-kruger bluebox cross site scripting 05.07.2026
CVE-2026-14705 code-projects Online Examination head.php sql injection 05.07.2026
CVE-2026-14706 code-projects Online Examination Quiz Creation Feature update.php sql injection 05.07.2026
CVE-2026-14713 SourceCodester Pizzafy E-Commerce System ajax.php confirm_order sql injection 05.07.2026
CVE-2026-14714 zhayujie chatgpt-on-wechat CowAgent wx Endpoint common.py verify_server missing authentication 05.07.2026
CVE-2026-14716 nextlevelbuilder GoClaw WebSocket RPC router.go MethodRouter.Handle authorization 05.07.2026
CVE-2026-14698 SourceCodester Syllabus-Aligned Learning Management and Examination System upload_files.php unrestricted upload 05.07.2026
CVE-2026-14699 zcaceres markdownify-mcp Markdownify.ts assertPathAllowed symlink 05.07.2026
CVE-2026-14700 code-projects Internship Management System Employer Login Endpoint login.php sql injection 05.07.2026
CVE-2026-14701 code-projects Internship Management System Password Change Endpoint change_password.php sql injection 05.07.2026
CVE-2026-14702 zcaceres markdownify-mcp webpage-to-markdown Markdownify.ts saveToTempFile random values 05.07.2026
CVE-2026-14703 itsourcecode Hospital Management System patientorder.php sql injection 05.07.2026
CVE-2026-14692 SourceCodester Multi-Vendor Online Grocery Management System POST Parameter Master.php save_shop_type sql injection 05.07.2026
CVE-2026-14693 SourceCodester Multi-Vendor Online Grocery Management System Master.php cancel_order improper authorization 05.07.2026
CVE-2026-14694 SourceCodester Multi-Vendor Online Grocery Management System POST Parameter Master.php cancel_order sql injection 05.07.2026
CVE-2026-14695 SourceCodester Multi-Vendor Online Grocery Management System Registration Users.php save_client sql injection 05.07.2026
CVE-2026-14570 Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery 05.07.2026
CVE-2026-14689 CodeAstro Apartment Visitor Management System add-apartment.php sql injection 05.07.2026
CVE-2026-14690 SourceCodester Multi-Vendor Online Grocery Management System Users.php save_users improper authorization 05.07.2026
CVE-2026-14691 SourceCodester Multi-Vendor Online Grocery Management System Setting SystemSettings.php update_settings_info code injection 05.07.2026
CVE-2026-14687 666ghj BettaFish InsightEngine search-result Deduplication agent.py _deduplicate_results partial string comparison 05.07.2026
CVE-2026-14688 itsourcecode Online Hotel Management System login.php sql injection 05.07.2026
CVE-2026-14686 HdrHistogram Range Check DoubleHistogram.java org.HdrHistogram.DoubleHistogram.recordValue comparison 05.07.2026
CVE-2026-14685 HdrHistogram AbstractHistogram AbstractHistogram.java recordValueWithCount state issue 04.07.2026
CVE-2026-14684 HdrHistogram AbstractHistogram.java memory allocation 04.07.2026
CVE-2026-14683 HdrHistogram AbstractHistogram.java memory allocation 04.07.2026
CVE-2026-14660 code-projects Online Job Portal login.php sql injection 04.07.2026
CVE-2026-14658 code-projects Assessment Management marking-scheme.php sql injection 04.07.2026
CVE-2026-14659 itsourcecode Hospital Management System patientappointment.php sql injection 04.07.2026
CVE-2026-14657 code-projects Assessment Management Database Query marking-scheme.php sql injection 04.07.2026
CVE-2026-14655 code-projects Assessment Management view-users.php cross site scripting 04.07.2026
CVE-2026-14656 code-projects Assessment Management remove-user.php cross site scripting 04.07.2026
CVE-2026-14654 SourceCodester Simple and Nice Shopping Cart Script girlsproductdeletequery.php sql injection 04.07.2026
CVE-2024-1248 Role Overwriting via Silent JIT Provisioning in Multiple WSO2 Products Enables Privilege Escalation 04.07.2026 4.8
CVE-2026-14652 SourceCodester Simple and Nice Shopping Cart Script Admin Login login.php sql injection 04.07.2026
CVE-2026-14653 SourceCodester Simple and Nice Shopping Cart Script mensproductdeletequery.php sql injection 04.07.2026
CVE-2026-14651 connorskees grass visitor denial of service 04.07.2026
CVE-2026-14649 code-projects Online Voting System saveVote.php test_input sql injection 04.07.2026
CVE-2026-14650 connorskees grass UTF-8 Character raw_to_parse_error denial of service 04.07.2026
CVE-2026-14648 code-projects Online Voting System Login authentication.php test_input sql injection 04.07.2026
CVE-2026-14642 SourceCodester Class and Exam Timetabling System edit_class2.php sql injection 04.07.2026
CVE-2026-14647 onnx onnxruntime old.cc convPoolShapeInference_opset19 out-of-bounds 04.07.2026
CVE-2026-14640 CodeAstro Apartment Visitor Management System Login index.php sql injection 04.07.2026
CVE-2026-14641 SourceCodester Class and Exam Timetabling System edit_course.php sql injection 04.07.2026
CVE-2026-12740 Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter 04.07.2026
CVE-2026-12746 Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter 04.07.2026
CVE-2026-14639 CodeAstro Ecommerce Website my_account.php sql injection 04.07.2026
CVE-2026-14637 kirilkirkov Ecommerce-CodeIgniter-Bootstrap ShoppingCart.php getCartItems deserialization 04.07.2026
CVE-2026-14638 itsourcecode Hospital Management System patient.php sql injection 04.07.2026