Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-14753— mjperpinosa stumasy Note Handler/Assignment notes authorization

CVSS 7.3 · High EPSS 0.31% · P23

Possible ATT&CK Techniques 1AI

T1078 · Valid Accounts

Affected Version Matrix 1

VendorProductVersion RangeStatus
mjperpinosastumasy327d1b0f2915ba79d7ef8ebb74553e987609d9beaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-14753

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
mjperpinosa stumasy Note Handler/Assignment notes authorization
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This impacts an unknown function of the file /PHP/objects/notes of the component Note Handler/Assignment Handler. Performing a manipulation of the argument assignment_item_id results in authorization bypass. The attack can be initiated remotely. The exploit is now public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过用户控制密钥绕过授权机制
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
mjperpinosastumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:*

II. Public POCs for CVE-2026-14753

#POC DescriptionSource LinkShenlong Link
AI-Generated POCVerified env Premium
Qwen3.6-35B-A3B · 7067 chars
Pro+ exclusive includes:
Vulnerability reproduction recording (real sandbox build + trigger, exclusive)
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month

III. Intelligence Information for CVE-2026-14753

登录查看更多情报信息。

Proof of Concept for CVE-2026-14753 (1)

Other References for CVE-2026-14753 (1)

Same Patch Batch · mjperpinosa · 2026-07-05 · 5 CVEs total

CVE-2026-147497.3 HIGHmjperpinosa stumasy calculate.php eval code injection
CVE-2026-147507.3 HIGHmjperpinosa stumasy accessing_dictionary_authorization.php accessing_dictionary_authorizat
CVE-2026-147516.3 MEDIUMmjperpinosa stumasy search_scratch_data.php search_scratch_data sql injection
CVE-2026-147523.5 LOWmjperpinosa stumasy add_into_dictionary.php add_definition cross site scripting

IV. Related Vulnerabilities

V. Comments for CVE-2026-14753

No comments yet


Leave a comment