Export limit exceeded: 86051 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (86051 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-14713 | 1 Sourcecodester | 1 Pizzafy E-commerce System | 2026-07-06 | 7.3 High |
| A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirm_order. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-14733 | 1 Sourcecodester | 1 Class And Exam Timetabling System | 2026-07-06 | 7.3 High |
| A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. This issue affects some unknown processing of the file /edit_coursea.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2026-14722 | 1 Tiddly-gittly | 1 Tidgi-desktop | 2026-07-06 | 7.3 High |
| A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. The manipulation results in code injection. The attack may be performed from remote. The exploit has been made public and could be used. | ||||
| CVE-2026-14688 | 1 Itsourcecode | 1 Online Hotel Management System | 2026-07-06 | 7.3 High |
| A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. The affected element is an unknown function of the file /admin/login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-14736 | 1 Ruijie | 2 Rg-uac, Rg-uac Firmware | 2026-07-06 | 7.3 High |
| A vulnerability was found in Ruijie RG-UAC up to 1.0-R1.8.2.p5. The impacted element is an unknown function of the file user_auth_commit.php. Performing a manipulation of the argument upload_image results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-14754 | 1 Code-projects | 1 Hotel And Tourism Reservation | 2026-07-06 | 7.3 High |
| A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. Affected is an unknown function of the file /admin/add_room.php. Executing a manipulation of the argument delete_image/edit/description/number/price/rooms/type can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-8286 | 1 Curl | 1 Curl | 2026-07-06 | 8.1 High |
| A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not. | ||||
| CVE-2025-71362 | 2 Mmaitre314, Picklescan | 2 Picklescan, Picklescan | 2026-07-06 | 8.1 High |
| picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources. | ||||
| CVE-2025-71345 | 1 Mmaitre314 | 1 Picklescan | 2026-07-06 | 8.1 High |
| picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.__main__.run_autograd_prof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution. | ||||
| CVE-2026-9545 | 1 Curl | 1 Curl | 2026-07-06 | 7.5 High |
| In this scenario, libcurl first uses a proper HTTP/3 server for the initial transfers, and when it makes a second transfer to the same site it has been replaced by the attacker's impostor machine - without a valid certificate. When libcurl returns to the hostname the second time with a cached SSL session (`CURLOPT_SSL_SESSIONID_CACHE` is not disabled) and early data enabled (the `CURLSSLOPT_EARLYDATA` bit is set in `CURLOPT_SSL_OPTIONS`), libcurl might send off the second request's bytes on that new connection *before* enforcing the certificate verification failure. Potentially leaking sensitive information. | ||||
| CVE-2026-58297 | 1 Microsoft | 1 Edge Chromium | 2026-07-06 | 7.1 High |
| Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-14745 | 1 Code-projects | 1 Real State Services | 2026-07-06 | 7.3 High |
| A weakness has been identified in code-projects Real State Services 1.0. This impacts an unknown function of the file /single-list_rent.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-14763 | 1 Code-projects | 1 Hotel And Tourism Reservation | 2026-07-06 | 7.3 High |
| A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. This affects an unknown function of the file /admin/tour_reserves.php of the component Tour Reservations Page. This manipulation of the argument tour causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. | ||||
| CVE-2026-14770 | 1 Sourcecodester | 1 Class And Exam Timetabling System | 2026-07-06 | 7.3 High |
| A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_room.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. | ||||
| CVE-2026-58293 | 1 Microsoft | 1 Edge Chromium | 2026-07-06 | 8.1 High |
| External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-59092 | 1 Juicedata | 1 Juicefs | 2026-07-06 | 7.7 High |
| JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive debug and metrics endpoints by exploiting improper handler registration on the shared http.DefaultServeMux. Attackers can request the /debug/pprof/cmdline endpoint to obtain the process command line containing metadata engine connection strings with database credentials, granting full read/write access to filesystem metadata, while other pprof handlers leak internal state and profiling handlers enable denial of service. | ||||
| CVE-2026-57977 | 1 Microsoft | 1 Edge Chromium | 2026-07-06 | 7.1 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-58299 | 1 Microsoft | 1 Edge Chromium | 2026-07-06 | 7.5 High |
| Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-58287 | 1 Microsoft | 1 Edge Chromium | 2026-07-06 | 8.3 High |
| Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-56645 | 1 Microsoft | 1 Edge Chromium | 2026-07-06 | 8.8 High |
| Heap-based buffer overflow in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | ||||