Export limit exceeded: 362376 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362376 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-14700 | 1 Code-projects | 1 Internship Management System | 2026-07-06 | 7.3 High |
| A security vulnerability has been detected in code-projects Internship Management System 1.0. The impacted element is an unknown function of the file employer/login.php of the component Employer Login Endpoint. The manipulation of the argument email/password leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-14706 | 1 Code-projects | 1 Online Examination | 2026-07-06 | 6.3 Medium |
| A vulnerability was identified in code-projects Online Examination 1.0. This affects an unknown part of the file /update.php?q=addquiz of the component Quiz Creation Feature. The manipulation of the argument name/total/right/wrong/time/tag/desc leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-14721 | 1 Utt | 1 Hiper 1250gw | 2026-07-06 | 8.8 High |
| A vulnerability has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects an unknown function of the file /goform/ConfigWirelessBase_5g of the component Web Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-14732 | 1 Sourcecodester | 1 Class And Exam Timetabling System | 2026-07-06 | 7.3 High |
| A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. This vulnerability affects unknown code of the file /edit_exam.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-14738 | 1 Exo-explore | 1 Exo | 2026-07-06 | 3.7 Low |
| A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function _image_cache_key of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is told to be difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance. | ||||
| CVE-2026-59102 | 1 Forgejo | 1 Forgejo | 2026-07-06 | 5.4 Medium |
| Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULT_SHOW_FULL_NAME option is enabled, the run description is assembled server-side with the user's display name interpolated into an HTML string via a translation function that does not escape its arguments, and the frontend renders the result using a Vue v-html binding, causing script execution for any user who views the affected Actions run page. | ||||
| CVE-2026-12167 | 2026-07-06 | 7.8 High | ||
| The Minifilter communication port for driver `GFAC_Sys_x64.sys` in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropriate access restrictions. | ||||
| CVE-2026-54404 | 2026-07-06 | 8.8 High | ||
| A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances. | ||||
| CVE-2026-50746 | 2026-07-06 | 10 Critical | ||
| A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device. | ||||
| CVE-2026-50747 | 2026-07-06 | 9.9 Critical | ||
| A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device. | ||||
| CVE-2026-54402 | 2026-07-06 | 9.9 Critical | ||
| A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device. | ||||
| CVE-2026-14705 | 1 Code-projects | 1 Online Examination | 2026-07-06 | 7.3 High |
| A vulnerability was determined in code-projects Online Examination 1.0. Affected by this issue is some unknown functionality of the file head.php. Executing a manipulation of the argument uname/password can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-14784 | 1 Vxcontrol | 1 Pentagi | 2026-07-06 | 6.3 Medium |
| A vulnerability was identified in vxcontrol PentAGI up to 2.1.0. This affects an unknown function of the file backend/pkg/docker/client.go of the component Docker API. The manipulation leads to sandbox issue. The attack may be initiated remotely. The pull request to fix this issue awaits acceptance. | ||||
| CVE-2026-14747 | 1 Code-projects | 1 Real State Services | 2026-07-06 | 7.3 High |
| A vulnerability was detected in code-projects Real State Services 1.0. Affected by this vulnerability is an unknown functionality of the file /addprojectsale.php. The manipulation of the argument amen results in sql injection. The attack can be launched remotely. | ||||
| CVE-2026-14719 | 1 Sourcecodester | 1 Onlne Examination Learning Management System | 2026-07-06 | 7.3 High |
| A flaw has been found in SourceCodester Onlne Examination & Learning Management System 1.0. The impacted element is an unknown function of the file register.php of the component Registration Endpoint. Executing a manipulation of the argument role can lead to improper privilege management. The attack can be executed remotely. The exploit has been published and may be used. The name of the affected product appears to have a typo in it. | ||||
| CVE-2026-14731 | 1 Itsourcecode | 1 Hospital Management System | 2026-07-06 | 6.3 Medium |
| A weakness has been identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patientreport.php. Executing a manipulation of the argument editid can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-14746 | 1 Code-projects | 1 Real State Services | 2026-07-06 | 7.3 High |
| A security vulnerability has been detected in code-projects Real State Services 1.0. Affected is an unknown function of the file /addprojectrent.php. The manipulation of the argument amen leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-14753 | 1 Mjperpinosa | 1 Stumasy | 2026-07-06 | 7.3 High |
| A vulnerability was detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This impacts an unknown function of the file /PHP/objects/notes of the component Note Handler/Assignment Handler. Performing a manipulation of the argument assignment_item_id results in authorization bypass. The attack can be initiated remotely. The exploit is now public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-12250 | 2026-07-06 | 7.9 High | ||
| Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation. This issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4. | ||||
| CVE-2026-9085 | 2026-07-06 | 8.8 High | ||
| Incorrect Permission Assignment for Critical Resource, Improper Access Control vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus-Parental-Control allows DNS Spoofing. This issue affects Pardus-Parental-Control: from <=0.5.1 before 0.7.0. | ||||