CVE-2026-14695
Description détaillée
A vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function save_client of the file classes/Users.php of the component Registration Handler. The manipulation of the argument Name results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Vecteur d'attaque (CVSS)
Dernières Vulnérabilités
CVE-2026-14703
A vulnerability has been found in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /patientorder.php. Such manipulation of the argument editid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
CVE-2026-14702
A flaw has been found in zcaceres markdownify-mcp up to 1.1.0. This impacts the function saveToTempFile of the file src/Markdownify.ts of the component webpage-to-markdown/youtube-to-markdown/bing-search-to-markdown. This manipulation causes insufficiently random values. The attack is restricted to local execution. A high degree of complexity is needed for the attack. The exploitability is said to be difficult. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.
CVE-2026-14701
A vulnerability was detected in code-projects Internship Management System 1.0. This affects an unknown function of the file employer/details/change_password.php of the component Password Change Endpoint. The manipulation of the argument Current results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
