Product
CVE-2026-14753: mjperpinosa stumasy Authorization Bypass
2 TTPs 1 CVE 1 IOCA critical authorization bypass vulnerability (CVE-2026-14753) has been identified in mjperpinosa stumasy, affecting versions up to and including commit 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This flaw, residing in an unknown function within the /PHP/objects/notes file of the Note Handler/Assignment Handler component, allows a remote attacker to bypass authorization by manipulating the 'assignment_item_id' argument. A public exploit is available, posing an immediate threat.
CVE-2026-14750 — SQL Injection in mjperpinosa stumasy via Password Argument
1 rule 3 TTPs 1 CVEA high-severity remote SQL injection vulnerability (CVE-2026-14750) exists in mjperpinosa stumasy up to commit 327d1b0f2915ba79d7ef8ebb74553e987609d9be, allowing unauthenticated attackers to manipulate the 'Password' argument in the `Notes_controller::accessing_dictionary_authorization` function to execute arbitrary SQL queries, leading to data exfiltration, manipulation, or potential server compromise via a publicly available exploit.
CVE-2026-14749: mjperpinosa stumasy Code Injection Vulnerability
1 rule 2 TTPs 1 CVEA code injection vulnerability (CVE-2026-14749) was identified in mjperpinosa stumasy, affecting versions up to commit 327d1b0f2915ba79d7ef8ebb74553e987609d9be, which allows remote attackers to execute arbitrary code by manipulating the 'mathematical_sentence' argument in the 'eval' function of 'application/pages/imba_calculator/calculate.php', with a public exploit available and no vendor response.