Product
A high-severity SQL injection vulnerability, CVE-2026-14735, exists in code-projects Smart Parking System 1.0, allowing remote attackers to manipulate the `street`, `city`, or `status` arguments in `/parkings/parkings.php` to execute arbitrary SQL queries, potentially leading to arbitrary file read and data exfiltration, with public exploit details available.