Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Columns: Score, Vulnerability, Published
0.0 NA
CVE-2026-14657 — code-projects Assessment Management Database Query marking-scheme.php sql injection

A flaw has been found in code-projects Assessment Management 1.0. This issue affects some unknown processing of the file /lecturer/marking-scheme.php of the component Database Query Handler. This man…

Jul 04, 2026
0.0 NA
CVE-2026-14656 — code-projects Assessment Management remove-user.php cross site scripting

A security vulnerability has been detected in code-projects Assessment Management 1.0. This affects an unknown part of the file /admin/remove-user.php. The manipulation of the argument ID leads to cr…

Jul 04, 2026
0.0 NA
CVE-2026-14655 — code-projects Assessment Management view-users.php cross site scripting

A weakness has been identified in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file admin/view-users.php. Executing a manipulation of the argum…

Jul 04, 2026
0.0 NA
CVE-2026-14654 — SourceCodester Simple and Nice Shopping Cart Script girlsproductdeletequery.php sql injec…

A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the arg…

Jul 04, 2026
0.0 NA
CVE-2026-14653 — SourceCodester Simple and Nice Shopping Cart Script mensproductdeletequery.php sql inject…

A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /admin/mensproductdeletequery.php. This manipulation of the arg…

Jul 04, 2026
4.8 MEDIUM
CVE-2024-1248 — Role Overwriting via Silent JIT Provisioning in Multiple WSO2 Products Enables Privilege …

The silent Just-In-Time (JIT) provisioning feature in federated authentication implementations fails to properly segregate user roles during account creation when a federated user shares a username w…

Jul 04, 2026
0.0 NA
CVE-2026-14652 — SourceCodester Simple and Nice Shopping Cart Script Admin Login login.php sql injection

A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of t…

Jul 04, 2026
0.0 NA
CVE-2026-14651 — connorskees grass visitor denial of service

A vulnerability has been found in connorskees grass up to 0.13.4. The impacted element is the function grass_compiler::selector::extend/grass_compiler::evaluate::visitor. The manipulation leads to de…

Jul 04, 2026
0.0 NA
CVE-2026-14650 — connorskees grass UTF-8 Character raw_to_parse_error denial of service

A flaw has been found in connorskees grass up to 0.13.4. The affected element is the function grass_compiler::raw_to_parse_error of the component UTF-8 Character Handler. Executing a manipulation can…

Jul 04, 2026
0.0 NA
CVE-2026-14649 — code-projects Online Voting System saveVote.php test_input sql injection

A vulnerability was detected in code-projects Online Voting System 1.0. Impacted is the function test_input of the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/v…

Jul 04, 2026
4.3 MEDIUM
CVE-2026-14647 — onnx onnxruntime old.cc convPoolShapeInference_opset19 out-of-bounds

A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInference_opset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipula…

Remote
Jul 04, 2026
7.5 HIGH
CVE-2026-14642 — SourceCodester Class and Exam Timetabling System edit_class2.php sql injection

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /edit_class2.php. The manipulation of the argu…

Jul 04, 2026
7.5 HIGH
CVE-2026-14641 — SourceCodester Class and Exam Timetabling System edit_course.php sql injection

A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_course.php. Executing a manipulati…

Jul 04, 2026
7.5 HIGH
CVE-2026-14640 — CodeAstro Apartment Visitor Management System Login index.php sql injection

A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argumen…

Remote
Jul 04, 2026
0.0 NA
CVE-2026-14648 — code-projects Online Voting System Login authentication.php test_input sql injection

A security vulnerability has been detected in code-projects Online Voting System up to 0.x/1.0. This issue affects the function test_input of the file /authentication.php of the component Login. Such…

Jul 04, 2026
6.5 MEDIUM
CVE-2026-14639 — CodeAstro Ecommerce Website my_account.php sql injection

A vulnerability has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /ecommerce-website-php/customer/my_account.php?edit_account. Such manipulation of the a…

Jul 04, 2026
6.5 MEDIUM
CVE-2026-14638 — itsourcecode Hospital Management System patient.php sql injection

A flaw has been found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /patient.php. This manipulation of the argument editid causes sql injection. The att…

Jul 04, 2026
8.5 HIGH
CVE-2026-14637 — kirilkirkov Ecommerce-CodeIgniter-Bootstrap ShoppingCart.php getCartItems deserialization

A security vulnerability has been detected in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to 13fd582aaf49aeab7438acc0fc3eb973a1f5e6a7. The affected element is the function getCartItems in the libr…

Remote
Jul 04, 2026
0.0 NA
CVE-2026-12740 — Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 stat…

Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and Acc…

Jul 04, 2026
0.0 NA
CVE-2026-12746 — Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the O…

Dancer2::Plugin::Auth::OAuth::Provider versions before 0.23 for Perl do not support the OAuth 2.0 state parameter. The authentication_url method builds the provider authorization redirect without is…

Jul 04, 2026
Showing 20 of 7908 Results