Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
4.3 MEDIUM
CVE-2026-14647 — onnx onnxruntime old.cc convPoolShapeInference_opset19 out-of-bounds

A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInference_opset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipula…

Remote | Memory Corruption
Jul 04, 2026
7.5 HIGH
CVE-2026-14642 — SourceCodester Class and Exam Timetabling System edit_class2.php sql injection

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /edit_class2.php. The manipulation of the argu…

class_and_exam_timetabling_system | Remote | Injection
Jul 04, 2026
7.5 HIGH
CVE-2026-14641 — SourceCodester Class and Exam Timetabling System edit_course.php sql injection

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_course.php. Executing a manipulati…

class_and_exam_timetabling_system | Remote | Injection
Jul 04, 2026
7.5 HIGH
CVE-2026-14640 — CodeAstro Apartment Visitor Management System Login index.php sql injection

A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argumen…

Remote | Injection
Jul 04, 2026
6.5 MEDIUM
CVE-2026-14639 — CodeAstro Ecommerce Website my_account.php sql injection

A vulnerability has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /ecommerce-website-php/customer/my_account.php?edit_account. Such manipulation of the a…

ecommerce_website | Remote | Injection
Jul 04, 2026
6.5 MEDIUM
CVE-2026-14638 — itsourcecode Hospital Management System patient.php sql injection

A flaw has been found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /patient.php. This manipulation of the argument editid causes sql injection. The att…

hospital_management_system | Remote | Injection
Jul 04, 2026
8.5 HIGH
CVE-2026-14637 — kirilkirkov Ecommerce-CodeIgniter-Bootstrap ShoppingCart.php getCartItems deserialization

A security vulnerability has been detected in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7. The affected element is the function getCartItems in the libr…

Remote | Injection
Jul 04, 2026
0.0 NA
CVE-2026-12746 — Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the O…

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authentication_url method builds the provider authorization redirect without is…

Cross-Site Request Forgery
Jul 04, 2026
0.0 NA
CVE-2026-12740 — Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 stat…

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and Acc…

Cross-Site Request Forgery
Jul 04, 2026
5.5 MEDIUM
CVE-2026-14636 — kirilkirkov Ecommerce-CodeIgniter-Bootstrap Vendor Image Manager AddProduct.php do_upload…

A weakness has been identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 23105f25dadf57b4314fc015a63a7c6e910c89df. Impacted is the function do_upload_others_images of the file application/…

Remote | Path Traversal
Jul 04, 2026
7.5 HIGH
CVE-2026-14635 — kirilkirkov Ecommerce-CodeIgniter-Bootstrap Vendor Multi-Image Endpoint AddProduct.php pa…

A security flaw has been discovered in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 222ff31c06687b1c6d0e1ab63953f82c3674c52b. This issue affects some unknown processing of the file application/m…

Remote | Path Traversal
Jul 04, 2026
5.0 MEDIUM
CVE-2026-14634 — kirilkirkov Ecommerce-CodeIgniter-Bootstrap Subscribed Emails Admin MY_Controller.php che…

A vulnerability was identified in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 213babdbaa949e94557246414db0130e01394517. This vulnerability affects the function checkForPostRequests of the file …

Remote | Cross-Site Scripting
Jul 04, 2026
5.0 MEDIUM
CVE-2026-14633 — kirilkirkov Ecommerce-CodeIgniter-Bootstrap Hidden REST API Endpoint set cross site scrip…

A vulnerability was determined in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 49b20f53de2b7ec34e920b11c863f1491d911a04. This affects an unknown part of the file /index.php/api/product/set of th…

Remote | Cross-Site Scripting
Jul 04, 2026
5.0 MEDIUM
CVE-2026-14632 — kirilkirkov Ecommerce-CodeIgniter-Bootstrap Trusted Backend MY_Controller.php setReferrer…

A vulnerability was found in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 95dfa8cebbb87ab46ae450643a07241274a74dce. Affected by this issue is the function setReferrer of the file application/cor…

Remote | Misconfiguration
Jul 04, 2026
3.1 LOW
CVE-2026-14630 — ForceInjection AI-fundermentals Memory Recall smart_customer_service.py get_conversation_…

A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function get_conversation_history of the file 08_agentic_system/memory/langchain/code/…

Remote | Cryptography
Jul 04, 2026
4.3 MEDIUM
CVE-2026-14629 — RT-Thread Parameter lwp_syscall.c sys_ioctl divide by zero

A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can…

Remote | Denial of Service
Jul 04, 2026
8.8 HIGH
CVE-2026-14535 — Fickling MLAllowlist analysis pass rendered inoperative by shared mutable state in Analys…

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shorten_code(node) on every import node it inspects, regardless …

fickling | Remote | Misconfiguration
Jul 04, 2026
8.8 HIGH
CVE-2026-14534 — Fickling check_safety() bypass via unlisted standard library modules (_posixsubprocess, s…

Trail of Bits fickling versions up to and including 0.1.10 do not include the Python standard library modules _posixsubprocess, site, and atexit in the UNSAFE_IMPORTS denylist (fickle.py). Because th…

fickling | Remote | Information Disclosure
Jul 04, 2026
5.5 MEDIUM
CVE-2026-14628 — NousResearch hermes-agent Live Webhook Endpoint base.py extract_media path traversal

A vulnerability was detected in NousResearch hermes-agent up to 2026.5.16. This impacts the function extract_media of the file gateway/platforms/base.py of the component Live Webhook Endpoint. Perfor…

hermes-agent | Remote | Path Traversal
Jul 04, 2026
5.6 MEDIUM
CVE-2026-14627 — NousResearch hermes-agent Discord Platform Integration discord.py DiscordAdapter._is_allo…

A security vulnerability has been detected in NousResearch hermes-agent up to 0.15.2. This affects the function DiscordAdapter._is_allowed_user of the file gateway/platforms/discord.py of the compone…

hermes-agent | Remote | Authentication
Jul 04, 2026
Showing 20 of 7454 Results