Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
4.0 MEDIUM
CVE-2026-14752 — mjperpinosa stumasy add_into_dictionary.php add_definition cross site scripting

A security vulnerability has been detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This affects the function add_definition of the file application/PHP/objects/notes/ad…

stumasy | Remote | Cross-Site Scripting
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
6.5 MEDIUM
CVE-2026-14751 — mjperpinosa stumasy search_scratch_data.php search_scratch_data sql injection

A weakness has been identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The impacted element is the function Notes_controller::search_scratch_data of the file applicatio…

stumasy | Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
7.5 HIGH
CVE-2026-14750 — mjperpinosa stumasy accessing_dictionary_authorization.php accessing_dictionary_authoriza…

A security flaw has been discovered in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The affected element is the function Notes_controller::accessing_dictionary_authorization of…

stumasy | Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
9.2 CRITICAL
CVE-2026-59509 — Unauthenticated arbitrary MongoDB collection read in cve-search

An unauthenticated improper input validation vulnerability in the POST /fetch_cve_data endpoint in cve-search. A remote attacker can manipulate request parameters controlling the MongoDB collection, …

Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
7.5 HIGH
CVE-2026-14749 — mjperpinosa stumasy calculate.php eval code injection

A vulnerability was identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Impacted is the function eval of the file application/pages/imba_calculator/calculate.php. The ma…

stumasy | Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
6.5 MEDIUM
CVE-2026-14748 — AIAnytime Awesome-MCP-Server mcp-wiki/wiki-summary server.py server-side request forgery

A flaw has been found in AIAnytime Awesome-MCP-Server up to a884bb51bcd99e08e14fd712c749d55d9d9a13ab. Affected by this issue is some unknown functionality of the file mcp-wiki/src/mcp_wiki/server.py …

Remote | Server-Side Request Forgery
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
7.5 HIGH
CVE-2026-14747 — code-projects Real State Services addprojectsale.php sql injection

A vulnerability was detected in code-projects Real State Services 1.0. Affected by this vulnerability is an unknown functionality of the file /addprojectsale.php. The manipulation of the argument ame…

real_state_services | Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
7.5 HIGH
CVE-2026-14746 — code-projects Real State Services addprojectrent.php sql injection

A security vulnerability has been detected in code-projects Real State Services 1.0. Affected is an unknown function of the file /addprojectrent.php. The manipulation of the argument amen leads to sq…

real_state_services | Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
7.5 HIGH
CVE-2026-14745 — code-projects Real State Services single-list_rent.php sql injection

A weakness has been identified in code-projects Real State Services 1.0. This impacts an unknown function of the file /single-list_rent.php. Executing a manipulation of the argument ID can lead to sq…

real_state_services | Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
7.5 HIGH
CVE-2026-14744 — code-projects Real State Services normalHomeRent.php sql injection

A security flaw has been discovered in code-projects Real State Services 1.0. This affects an unknown function of the file /normalHomeRent.php. Performing a manipulation of the argument loc results i…

real_state_services | Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
7.5 HIGH
CVE-2026-14743 — code-projects Real State Services normalHomeSale.php sql injection

A vulnerability was identified in code-projects Real State Services 1.0. The impacted element is an unknown function of the file /normalHomeSale.php. Such manipulation of the argument loc leads to sq…

real_state_services | Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
3.1 LOW
CVE-2026-14742 — langchain-ai langgraph Task Result Cache _cache.py _freeze weak hash

A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function _freeze of the file libs/langgraph/langgraph/_internal/_cache.py of the component Task Resul…

Remote | Cryptography
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
3.7 LOW
CVE-2026-14738 — exo-explore exo Vision Feature Cache vision.py _image_cache_key weak hash

A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function _image_cache_key of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. …

Remote | Cryptography
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
7.5 HIGH
CVE-2026-14737 — Hanwang e-Face General Management Platform querySysAuthStr.do sql injection

A vulnerability was identified in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument ord…

e-face_general_management_platform | Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
7.5 HIGH
CVE-2026-14736 — Ruijie RG-UAC user_auth_commit.php unrestricted upload

A vulnerability was found in Ruijie RG-UAC up to 1.0-R1.8.2.p5. The impacted element is an unknown function of the file user_auth_commit.php. Performing a manipulation of the argument upload_image re…

rg-uac | Remote | Authentication
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
7.5 HIGH
CVE-2026-14735 — code-projects Smart Parking System parkings.php sql injection

A vulnerability has been found in code-projects Smart Parking System 1.0. The affected element is an unknown function of the file /parkings/parkings.php. Such manipulation of the argument street/city…

smart_parking_system | Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
7.5 HIGH
CVE-2026-14734 — SourceCodester Class and Exam Timetabling System edit_product.php sql injection

A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_product.php. This manipulation of the argument ID causes sql injection…

class_and_exam_timetabling_system | Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
7.5 HIGH
CVE-2026-14733 — SourceCodester Class and Exam Timetabling System edit_coursea.php sql injection

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. This issue affects some unknown processing of the file /edit_coursea.php. The manipulation of the argument ID res…

class_and_exam_timetabling_system | Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
7.5 HIGH
CVE-2026-14732 — SourceCodester Class and Exam Timetabling System edit_exam.php sql injection

A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. This vulnerability affects unknown code of the file /edit_exam.php. The manipulation of the argumen…

class_and_exam_timetabling_system | Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
6.5 MEDIUM
CVE-2026-14731 — itsourcecode Hospital Management System patientreport.php sql injection

A weakness has been identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patientreport.php. Executing a manipulation of the argument editid can lead to…

hospital_management_system | Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
Showing 20 of 7388 Results