CVE-2026-14701
A vulnerability was detected in code-projects Internship Management System 1.0. This affects an unknown function of the file employer/detail
CVSS
6.3
Medium
EPSS
0.2%
p10
KEV
—
Exploit Today
3
0-100
Published: Jul 5, 2026 · Last modified: Jul 6, 2026 · CWE-74 · CWE-89
0.2%EPSS · 30 days0.2%
2026-07-052026-07-17
A vulnerability was detected in code-projects Internship Management System 1.0. This affects an unknown function of the file employer/details/change_password.php of the component Password Change Endpoint. The manipulation of the argument Current results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
- code-projects.orghttps://code-projects.org/
- github.comhttps://github.com/zzzxc643/CVE1/blob/main/assessment/vul8.md
- vuldb.comhttps://vuldb.com/cve/CVE-2026-14701
- vuldb.comhttps://vuldb.com/submit/846890
- vuldb.comhttps://vuldb.com/vuln/376297
- vuldb.comhttps://vuldb.com/vuln/376297/cti
- vuldb.comhttps://vuldb.com/submit/846890
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-422089.8 CRI99.7%
KEV—80BerriAI LiteLLM SQL Injection Vulnerability3dCVE-2026-222007.5 HIG99.4%
——30Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficiently sanitized before being processed by the mPDF PDF generator during export. When the attacker exports the ticket to PDF, the generated PDF can embed the contents of attacker-selected files from the server filesystem as bitmap images, allowing disclosure of sensitive local files in the context of the osTicket application user. This issue is exploitable in default configurations where guests may create tickets and access ticket status, or where self-registration is enabled.4dCVE-2020-249139.8 CRI98.5%
——30A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.9dCVE-2026-479927.2 HIG97.1%
——29Adobe Commerce is affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to execute malicious SQL commands, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue does not require user interaction.3dCVE-2022-366358.8 HIG96.7%
——29ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injection vulnerability via the component /baseOpLog.do.9dCVE-2021-271329.8 CRI96.6%
——29SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.9d