CVE tracker
355 subscribers
4.79K links
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
Download Telegram
CVE-2026-14721 - UTT HiPER 1250GW Web Endpoint ConfigWirelessBase_5g stack-based overflow

CVE ID :CVE-2026-14721
Published : July 5, 2026, 8:16 a.m. | 3 hours, 39 minutes ago
Description :A vulnerability has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects an unknown function of the file /goform/ConfigWirelessBase_5g of the component Web Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14722 - tiddly-gittly TidGi-Desktop Git Repository Import loadWikiTiddlersWithSubWikis.ts code injection

CVE ID :CVE-2026-14722
Published : July 5, 2026, 8:16 a.m. | 3 hours, 39 minutes ago
Description :A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. The manipulation results in code injection. The attack may be performed from remote. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14723 - AD-Security AD_Miner Cache analyse_cache.py request_a deserialization

CVE ID :CVE-2026-14723
Published : July 5, 2026, 8:16 a.m. | 3 hours, 39 minutes ago
Description :A vulnerability was determined in AD-Security AD_Miner 1.9.0. Affected is the function request_a of the file ad_miner/scripts/analyse_cache.py of the component Cache Handler. This manipulation of the argument sys.argv[1] causes deserialization. The attack can only be executed locally. The pull request to fix this issue awaits acceptance.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14725 - SourceCodester Online Boat Reservation System session expiration

CVE ID :CVE-2026-14725
Published : July 5, 2026, 8:16 a.m. | 3 hours, 39 minutes ago
Description :A vulnerability was identified in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality. Such manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14730 - itsourcecode Hospital Management System patientprofile.php sql injection

CVE ID :CVE-2026-14730
Published : July 5, 2026, 9:16 a.m. | 2 hours, 39 minutes ago
Description :A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /patientprofile.php. Performing a manipulation of the argument patientname results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14731 - itsourcecode Hospital Management System patientreport.php sql injection

CVE ID :CVE-2026-14731
Published : July 5, 2026, 9:16 a.m. | 2 hours, 39 minutes ago
Description :A weakness has been identified in itsourcecode Hospital Management System 1.0. This affects an unknown part of the file /patientreport.php. Executing a manipulation of the argument editid can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14732 - SourceCodester Class and Exam Timetabling System edit_exam.php sql injection

CVE ID :CVE-2026-14732
Published : July 5, 2026, 9:16 a.m. | 2 hours, 39 minutes ago
Description :A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. This vulnerability affects unknown code of the file /edit_exam.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14733 - SourceCodester Class and Exam Timetabling System edit_coursea.php sql injection

CVE ID :CVE-2026-14733
Published : July 5, 2026, 9:16 a.m. | 2 hours, 39 minutes ago
Description :A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. This issue affects some unknown processing of the file /edit_coursea.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14737 - Hanwang e-Face General Management Platform querySysAuthStr.do sql injection

CVE ID :CVE-2026-14737
Published : July 5, 2026, 10 a.m. | 1 hour, 55 minutes ago
Description :A vulnerability was identified in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14738 - exo-explore exo Vision Feature Cache vision.py _image_cache_key weak hash

CVE ID :CVE-2026-14738
Published : July 5, 2026, 10:15 a.m. | 1 hour, 40 minutes ago
Description :A security flaw has been discovered in exo-explore exo up to 1.0.71. Affected is the function _image_cache_key of the file src/exo/worker/engines/mlx/vision.py of the component Vision Feature Cache. The manipulation results in use of weak hash. It is possible to launch the attack remotely. A high complexity level is associated with this attack. The exploitability is told to be difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14734 - SourceCodester Class and Exam Timetabling System edit_product.php sql injection

CVE ID :CVE-2026-14734
Published : July 5, 2026, 10:16 a.m. | 1 hour, 39 minutes ago
Description :A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_product.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14735 - code-projects Smart Parking System parkings.php sql injection

CVE ID :CVE-2026-14735
Published : July 5, 2026, 10:16 a.m. | 1 hour, 39 minutes ago
Description :A vulnerability has been found in code-projects Smart Parking System 1.0. The affected element is an unknown function of the file /parkings/parkings.php. Such manipulation of the argument street/city/status leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14736 - Ruijie RG-UAC user_auth_commit.php unrestricted upload

CVE ID :CVE-2026-14736
Published : July 5, 2026, 10:16 a.m. | 1 hour, 39 minutes ago
Description :A vulnerability was found in Ruijie RG-UAC up to 1.0-R1.8.2.p5. The impacted element is an unknown function of the file user_auth_commit.php. Performing a manipulation of the argument upload_image results in unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14742 - langchain-ai langgraph Task Result Cache _cache.py _freeze weak hash

CVE ID :CVE-2026-14742
Published : July 5, 2026, 10:45 a.m. | 1 hour, 10 minutes ago
Description :A vulnerability was determined in langchain-ai langgraph up to 1.2.4. The affected element is the function _freeze of the file libs/langgraph/langgraph/_internal/_cache.py of the component Task Result Cache. This manipulation of the argument default_cache_key causes use of weak hash. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14743 - code-projects Real State Services normalHomeSale.php sql injection

CVE ID :CVE-2026-14743
Published : July 5, 2026, 12:17 p.m. | 3 hours, 39 minutes ago
Description :A vulnerability was identified in code-projects Real State Services 1.0. The impacted element is an unknown function of the file /normalHomeSale.php. Such manipulation of the argument loc leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14744 - code-projects Real State Services normalHomeRent.php sql injection

CVE ID :CVE-2026-14744
Published : July 5, 2026, 12:17 p.m. | 3 hours, 39 minutes ago
Description :A security flaw has been discovered in code-projects Real State Services 1.0. This affects an unknown function of the file /normalHomeRent.php. Performing a manipulation of the argument loc results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14745 - code-projects Real State Services single-list_rent.php sql injection

CVE ID :CVE-2026-14745
Published : July 5, 2026, 12:17 p.m. | 3 hours, 39 minutes ago
Description :A weakness has been identified in code-projects Real State Services 1.0. This impacts an unknown function of the file /single-list_rent.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14746 - code-projects Real State Services addprojectrent.php sql injection

CVE ID :CVE-2026-14746
Published : July 5, 2026, 12:17 p.m. | 3 hours, 39 minutes ago
Description :A security vulnerability has been detected in code-projects Real State Services 1.0. Affected is an unknown function of the file /addprojectrent.php. The manipulation of the argument amen leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14747 - code-projects Real State Services addprojectsale.php sql injection

CVE ID :CVE-2026-14747
Published : July 5, 2026, 1:16 p.m. | 2 hours, 39 minutes ago
Description :A vulnerability was detected in code-projects Real State Services 1.0. Affected by this vulnerability is an unknown functionality of the file /addprojectsale.php. The manipulation of the argument amen results in sql injection. The attack can be launched remotely.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14748 - AIAnytime Awesome-MCP-Server mcp-wiki/wiki-summary server.py server-side request forgery

CVE ID :CVE-2026-14748
Published : July 5, 2026, 1:16 p.m. | 2 hours, 39 minutes ago
Description :A flaw has been found in AIAnytime Awesome-MCP-Server up to a884bb51bcd99e08e14fd712c749d55d9d9a13ab. Affected by this issue is some unknown functionality of the file mcp-wiki/src/mcp_wiki/server.py of the component mcp-wiki/wiki-summary. This manipulation of the argument url causes server-side request forgery. The attack may be initiated remotely. The exploit has been published and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14749 - mjperpinosa stumasy calculate.php eval code injection

CVE ID :CVE-2026-14749
Published : July 5, 2026, 1:16 p.m. | 2 hours, 39 minutes ago
Description :A vulnerability was identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Impacted is the function eval of the file application/pages/imba_calculator/calculate.php. The manipulation of the argument mathematical_sentence leads to code injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...