CVE Database

36304+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-14809
7.5 HIGH

Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

Jul 6, 2026
CVE-2026-14802
7.3 HIGH

A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the function startBrowserProcess of the file openBrowser.js of the component react-dev-utils. …

Jul 6, 2026
CVE-2026-12083
8.1 HIGH

The Admin and Site Enhancements (ASE) WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a …

Jul 6, 2026
CVE-2026-11962
8.8 HIGH

The FileOrganizer WordPress plugin before 1.2.0 does not validate the file type on several of its file-management operations, allowing authenticated users who have been granted …

Jul 6, 2026
CVE-2026-11855
8.8 HIGH

The Simple Membership WordPress plugin before 4.7.5 does not verify the authenticity of Stripe webhook requests when no signing secret is configured, nor escape a …

Jul 6, 2026
CVE-2026-11766
8.0 HIGH

The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user …

Jul 6, 2026
CVE-2026-10830
8.8 HIGH

The AllCoach WordPress plugin before 1.0.2 does not verify that an email address submitted to a public account-registration endpoint is not already associated with an …

Jul 6, 2026
CVE-2024-6228
7.5 HIGH

The Notifications for Forms & WordPress Actions WordPress plugin before 2.6 does not validate a user-supplied value before using it to build a server-side file …

Jul 6, 2026
CVE-2026-14778
7.3 HIGH

A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1.0. This affects an unknown part of the file /ajax_enroll.php of …

Jul 6, 2026
CVE-2026-14772
7.3 HIGH

A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The impacted element is an unknown function of the file /edit_course1.php. The …

Jul 5, 2026
CVE-2026-14771
7.3 HIGH

A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The affected element is an unknown function of the file /edit_exam1.php. Executing …

Jul 5, 2026
CVE-2026-14770
7.3 HIGH

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_room.php. Performing a manipulation of …

Jul 5, 2026
CVE-2026-14769
7.3 HIGH

A security vulnerability has been detected in code-projects Real State Services 1.0. This issue affects some unknown processing of the file /pay.php. Such manipulation of …

Jul 5, 2026
CVE-2026-14768
7.3 HIGH

A weakness has been identified in code-projects Real State Services 1.0. This vulnerability affects unknown code of the file /builderHome.php. This manipulation of the argument …

Jul 5, 2026
CVE-2026-14764
7.3 HIGH

A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. This impacts an unknown function of the file /admin/add_event.php of the component Event …

Jul 5, 2026
CVE-2026-14763
7.3 HIGH

A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. This affects an unknown function of the file /admin/tour_reserves.php of the component Tour …

Jul 5, 2026
CVE-2026-14762
7.3 HIGH

A vulnerability was detected in code-projects Hotel and Tourism Reservation 1.0. The impacted element is an unknown function of the file /admin/rooms.php of the component …

Jul 5, 2026
CVE-2026-9085
8.8 HIGH

Incorrect Permission Assignment for Critical Resource, Improper Access Control vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus-Parental-Control allows DNS Spoofing. This issue affects Pardus-Parental-Control: …

Jul 5, 2026
CVE-2026-6509
7.8 HIGH

Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Privilege Escalation. This issue affects Pardus Update: from <=0.6.3 before 0.6.6.

Jul 5, 2026
CVE-2026-14756
7.3 HIGH

A vulnerability was found in code-projects Hotel and Tourism Reservation 1.0. Affected by this issue is some unknown functionality of the file /admin/add_tour.php of the …

Jul 5, 2026
CVE-2026-14755
7.3 HIGH

A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/reservations.php of …

Jul 5, 2026
CVE-2026-12250
7.9 HIGH

Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation. This issue affects Pardus Domain …

Jul 5, 2026
CVE-2026-14754
7.3 HIGH

A flaw has been found in code-projects Hotel and Tourism Reservation 1.0. Affected is an unknown function of the file /admin/add_room.php. Executing a manipulation of …

Jul 5, 2026
CVE-2026-14753
7.3 HIGH

A vulnerability was detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This impacts an unknown function of the file /PHP/objects/notes of the component Note Handler/Assignment Handler. …

Jul 5, 2026
CVE-2026-14750
7.3 HIGH

A security flaw has been discovered in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The affected element is the function Notes_controller::accessing_dictionary_authorization of the file application/PHP/objects/notes/accessing_dictionary_authorization.php. The manipulation …

Jul 5, 2026
CVE-2026-14749
7.3 HIGH

A vulnerability was identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Impacted is the function eval of the file application/pages/imba_calculator/calculate.php. The manipulation of the argument mathematical_sentence …

Jul 5, 2026
CVE-2026-14747
7.3 HIGH

A vulnerability was detected in code-projects Real State Services 1.0. Affected by this vulnerability is an unknown functionality of the file /addprojectsale.php. The manipulation of …

Jul 5, 2026
CVE-2026-14746
7.3 HIGH

A security vulnerability has been detected in code-projects Real State Services 1.0. Affected is an unknown function of the file /addprojectrent.php. The manipulation of the …

Jul 5, 2026
CVE-2026-14745
7.3 HIGH

A weakness has been identified in code-projects Real State Services 1.0. This impacts an unknown function of the file /single-list_rent.php. Executing a manipulation of the …

Jul 5, 2026
CVE-2026-14744
7.3 HIGH

A security flaw has been discovered in code-projects Real State Services 1.0. This affects an unknown function of the file /normalHomeRent.php. Performing a manipulation of …

Jul 5, 2026
CVE-2026-14743
7.3 HIGH

A vulnerability was identified in code-projects Real State Services 1.0. The impacted element is an unknown function of the file /normalHomeSale.php. Such manipulation of the …

Jul 5, 2026
CVE-2026-14737
7.3 HIGH

A vulnerability was identified in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument …

Jul 5, 2026
CVE-2026-14736
7.3 HIGH

A vulnerability was found in Ruijie RG-UAC up to 1.0-R1.8.2.p5. The impacted element is an unknown function of the file user_auth_commit.php. Performing a manipulation of …

Jul 5, 2026
CVE-2026-14735
7.3 HIGH

A vulnerability has been found in code-projects Smart Parking System 1.0. The affected element is an unknown function of the file /parkings/parkings.php. Such manipulation of …

Jul 5, 2026
CVE-2026-14734
7.3 HIGH

A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_product.php. This manipulation of …

Jul 5, 2026
CVE-2026-14733
7.3 HIGH

A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. This issue affects some unknown processing of the file /edit_coursea.php. The manipulation of …

Jul 5, 2026
CVE-2026-14732
7.3 HIGH

A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. This vulnerability affects unknown code of the file /edit_exam.php. The manipulation …

Jul 5, 2026
CVE-2026-14722
7.3 HIGH

A vulnerability was found in tiddly-gittly TidGi-Desktop up to 0.13.0. This impacts an unknown function of the file src/services/wiki/wikiWorker/loadWikiTiddlersWithSubWikis.ts of the component Git Repository Import. …

Jul 5, 2026
CVE-2026-14721
8.8 HIGH

A vulnerability has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects an unknown function of the file /goform/ConfigWirelessBase_5g of the component Web …

Jul 5, 2026
CVE-2026-14719
7.3 HIGH

A flaw has been found in SourceCodester Onlne Examination & Learning Management System 1.0. The impacted element is an unknown function of the file register.php …

Jul 5, 2026
CVE-2026-14713
7.3 HIGH

A security flaw has been discovered in SourceCodester Pizzafy E-Commerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirm_order. The manipulation of the …

Jul 5, 2026
CVE-2026-14705
7.3 HIGH

A vulnerability was determined in code-projects Online Examination 1.0. Affected by this issue is some unknown functionality of the file head.php. Executing a manipulation of …

Jul 5, 2026
CVE-2026-14700
7.3 HIGH

A security vulnerability has been detected in code-projects Internship Management System 1.0. The impacted element is an unknown function of the file employer/login.php of the …

Jul 5, 2026
CVE-2026-14695
7.3 HIGH

A vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function save_client of the file classes/Users.php of the component Registration …

Jul 5, 2026
CVE-2026-14690
7.3 HIGH

A weakness has been identified in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function save_users of the file classes/Users.php. This manipulation causes …

Jul 5, 2026
CVE-2026-14570
7.5 HIGH

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces …

Jul 5, 2026
CVE-2026-14688
7.3 HIGH

A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. The affected element is an unknown function of the file /admin/login.php. The manipulation of …

Jul 5, 2026
CVE-2026-14660
7.3 HIGH

A vulnerability was found in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file login.php. Performing a manipulation of …

Jul 4, 2026
CVE-2026-14654
7.3 HIGH

A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of …

Jul 4, 2026
CVE-2026-14653
7.3 HIGH

A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /admin/mensproductdeletequery.php. This manipulation of …

Jul 4, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.