Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
4.8 MEDIUM
CVE-2026-14699 — zcaceres markdownify-mcp Markdownify.ts assertPathAllowed symlink

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to sym…

Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
6.5 MEDIUM
CVE-2026-14698 — SourceCodester Syllabus-Aligned Learning Management and Examination System upload_files.p…

A security flaw has been discovered in SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0. Impacted is an unknown function of the file upload_files.php. Performing a manip…

Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
7.5 HIGH
CVE-2026-14695 — SourceCodester Multi-Vendor Online Grocery Management System Registration Users.php save_…

A vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function save_client of the file classes/Users.php of the component Registration Handle…

Remote
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
6.5 MEDIUM
CVE-2026-14694 — SourceCodester Multi-Vendor Online Grocery Management System POST Parameter Master.php ca…

A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancel_order of the file classes/Master.php of the component…

Remote
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
5.5 MEDIUM
CVE-2026-14693 — SourceCodester Multi-Vendor Online Grocery Management System Master.php cancel_order impr…

A flaw has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this vulnerability is the function cancel_order of the file classes/Master.php. Executing a mani…

Remote
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
6.5 MEDIUM
CVE-2026-14692 — SourceCodester Multi-Vendor Online Grocery Management System POST Parameter Master.php sa…

A vulnerability was detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. Affected is the function save_shop_type of the file classes/Master.php of the component POST P…

Remote
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
6.5 MEDIUM
CVE-2026-14691 — SourceCodester Multi-Vendor Online Grocery Management System Setting SystemSettings.php u…

A security vulnerability has been detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This impacts the function update_settings_info of the file classes/SystemSettings.php o…

Remote
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
7.5 HIGH
CVE-2026-14690 — SourceCodester Multi-Vendor Online Grocery Management System Users.php save_users imprope…

A weakness has been identified in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function save_users of the file classes/Users.php. This manipulation causes improp…

Remote
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
6.5 MEDIUM
CVE-2026-14689 — CodeAstro Apartment Visitor Management System add-apartment.php sql injection

A security flaw has been discovered in CodeAstro Apartment Visitor Management System 1.0. The impacted element is an unknown function of the file /apartment-visitor/add-apartment.php. The manipulatio…

Remote
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
0.0 NA
CVE-2026-14570 — Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from …

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit…

Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
7.5 HIGH
CVE-2026-14688 — itsourcecode Online Hotel Management System login.php sql injection

A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. The affected element is an unknown function of the file /admin/login.php. The manipulation of the argument email lea…

Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
5.5 MEDIUM
CVE-2026-14687 — 666ghj BettaFish InsightEngine search-result Deduplication agent.py _deduplicate_results …

A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function _deduplicate_results of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplica…

Remote
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
3.3 LOW
CVE-2026-14686 — HdrHistogram Range Check DoubleHistogram.java org.HdrHistogram.DoubleHistogram.recordValu…

A vulnerability was found in HdrHistogram up to 2.2.2. This issue affects the function org.HdrHistogram.DoubleHistogram.recordValue of the file src/main/java/org/HdrHistogram/DoubleHistogram.java of …

| Misconfiguration
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
3.3 LOW
CVE-2026-14685 — HdrHistogram AbstractHistogram AbstractHistogram.java recordValueWithCount state issue

A vulnerability has been found in HdrHistogram up to 2.2.2. This vulnerability affects the function recordValueWithCount of the file src/main/java/org/HdrHistogram/AbstractHistogram.java of the compo…

| Misconfiguration
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
3.3 LOW
CVE-2026-14684 — HdrHistogram AbstractHistogram.java memory allocation

A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java.…

| Memory Corruption
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
3.3 LOW
CVE-2026-14683 — HdrHistogram AbstractHistogram.java memory allocation

A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHis…

| Memory Corruption
Jul 04, 2026 Jul 04, 2026
Jul 04, 2026
Jul 04, 2026
7.5 HIGH
CVE-2026-14660 — code-projects Online Job Portal login.php sql injection

A vulnerability was found in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file login.php. Performing a manipulation of the argument txtUser/txtPass results …

online_job_portal | Remote | Injection
Jul 04, 2026 Jul 04, 2026
Jul 04, 2026
Jul 04, 2026
6.5 MEDIUM
CVE-2026-14659 — itsourcecode Hospital Management System patientappointment.php sql injection

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /patientappointment.php. Such manipulation of the argument patiente leads to…

hospital_management_system | Remote | Injection
Jul 04, 2026 Jul 04, 2026
Jul 04, 2026
Jul 04, 2026
6.5 MEDIUM
CVE-2026-14658 — code-projects Assessment Management marking-scheme.php sql injection

A vulnerability was detected in code-projects Assessment Management 1.0. This vulnerability affects unknown code of the file /lecturer/marking-scheme.php. The manipulation of the argument smarksrange…

assessment_management | Remote | Injection
Jul 04, 2026 Jul 04, 2026
Jul 04, 2026
Jul 04, 2026
6.5 MEDIUM
CVE-2026-14657 — code-projects Assessment Management Database Query marking-scheme.php sql injection

A flaw has been found in code-projects Assessment Management 1.0. This issue affects some unknown processing of the file /lecturer/marking-scheme.php of the component Database Query Handler. This man…

assessment_management | Remote | Injection
Jul 04, 2026 Jul 04, 2026
Jul 04, 2026
Jul 04, 2026
Showing 20 of 7462 Results