Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
4.8 MEDIUM
CVE-2026-14781 — Keycloak-services: keycloak-services: oidc email_verified claim incorrectly applied to us…

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the email_verified claim. When an OIDC identity provider is configured with trustEmail=true and th…

single_sign-on data_grid build_of_keycloak | Remote | Authentication
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
6.5 MEDIUM
CVE-2026-14717 — itsourcecode Hospital Management System patientlogin.php sql injection

A vulnerability was detected in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /patientlogin.php. Performing a manipulation of the argument login…

hospital_management_system | Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
6.5 MEDIUM
CVE-2026-14716 — nextlevelbuilder GoClaw WebSocket RPC router.go MethodRouter.Handle authorization

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSock…

goclaw | Remote | Authorization
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
6.5 MEDIUM
CVE-2026-14714 — zhayujie chatgpt-on-wechat CowAgent wx Endpoint common.py verify_server missing authentic…

A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.1.0. This issue affects the function verify_server of the file channel/wechatmp/common.py of the component wx Endpoint. This ma…

Remote | Authentication
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
7.5 HIGH
CVE-2026-14713 — SourceCodester Pizzafy E-Commerce System ajax.php confirm_order sql injection

A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirm_order. The manipulation of the …

pizzafy_e-commerce_system | Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
6.5 MEDIUM
CVE-2026-14706 — code-projects Online Examination Quiz Creation Feature update.php sql injection

A vulnerability was identified in code-projects Online Examination 1.0. This affects an unknown part of the file /update.php?q=addquiz of the component Quiz Creation Feature. The manipulation of the …

Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
7.5 HIGH
CVE-2026-14705 — code-projects Online Examination head.php sql injection

A vulnerability was determined in code-projects Online Examination 1.0. Affected by this issue is some unknown functionality of the file head.php. Executing a manipulation of the argument uname/passw…

Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
5.0 MEDIUM
CVE-2026-14704 — stephen-kruger bluebox cross site scripting

A vulnerability was found in stephen-kruger bluebox up to 4.5.12. Affected by this vulnerability is an unknown functionality. Performing a manipulation of the argument code results in cross site scri…

Remote | Cross-Site Scripting
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
6.5 MEDIUM
CVE-2026-14703 — itsourcecode Hospital Management System patientorder.php sql injection

A vulnerability has been found in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /patientorder.php. Such manipulation of the argument editid leads to sql inj…

hospital_management_system | Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
2.5 LOW
CVE-2026-14702 — zcaceres markdownify-mcp webpage-to-markdown Markdownify.ts saveToTempFile random values

A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-se…

| Cryptography
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
6.5 MEDIUM
CVE-2026-14701 — code-projects Internship Management System Password Change Endpoint change_password.php s…

A vulnerability was detected in code-projects Internship Management System 1.0. This affects an unknown function of the file employer/details/change_password.php of the component Password Change Endp…

Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
7.5 HIGH
CVE-2026-14700 — code-projects Internship Management System Employer Login Endpoint login.php sql injection

A security vulnerability has been detected in code-projects Internship Management System 1.0. The impacted element is an unknown function of the file employer/login.php of the component Employer Logi…

Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
4.8 MEDIUM
CVE-2026-14699 — zcaceres markdownify-mcp Markdownify.ts assertPathAllowed symlink

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to sym…

| Path Traversal
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
6.5 MEDIUM
CVE-2026-14698 — SourceCodester Syllabus-Aligned Learning Management and Examination System upload_files.p…

A security flaw has been discovered in SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0. Impacted is an unknown function of the file upload_files.php. Performing a manip…

Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
7.5 HIGH
CVE-2026-14695 — SourceCodester Multi-Vendor Online Grocery Management System Registration Users.php save_…

A vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function save_client of the file classes/Users.php of the component Registration Handle…

Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
6.5 MEDIUM
CVE-2026-14694 — SourceCodester Multi-Vendor Online Grocery Management System POST Parameter Master.php ca…

A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancel_order of the file classes/Master.php of the component…

Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
5.5 MEDIUM
CVE-2026-14693 — SourceCodester Multi-Vendor Online Grocery Management System Master.php cancel_order impr…

A flaw has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this vulnerability is the function cancel_order of the file classes/Master.php. Executing a mani…

Remote | Authorization
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
6.5 MEDIUM
CVE-2026-14692 — SourceCodester Multi-Vendor Online Grocery Management System POST Parameter Master.php sa…

A vulnerability was detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. Affected is the function save_shop_type of the file classes/Master.php of the component POST P…

Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
6.5 MEDIUM
CVE-2026-14691 — SourceCodester Multi-Vendor Online Grocery Management System Setting SystemSettings.php u…

A security vulnerability has been detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This impacts the function update_settings_info of the file classes/SystemSettings.php o…

Remote | Injection
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
7.5 HIGH
CVE-2026-14690 — SourceCodester Multi-Vendor Online Grocery Management System Users.php save_users imprope…

A weakness has been identified in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function save_users of the file classes/Users.php. This manipulation causes improp…

Remote | Authorization
Jul 05, 2026 Jul 05, 2026
Jul 05, 2026
Jul 05, 2026
Showing 20 of 7392 Results