Lucene search
+L

1604 matches found

nvd
nvd
added 2 days ago2 views

CVE-2026-49171

Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally...

7.5CVSS0.00261EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago21 views

CVE-2026-49171 Windows Speech Runtime Elevation of Privilege Vulnerability

...

7.5CVSS0.00261EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2 days ago3 views

CVE-2026-49171 Windows Speech Runtime Elevation of Privilege Vulnerability

...

7.5CVSS6.1AI score0.00261EPSS
Exploits0References1
cve
cve
added 2 days ago4 views

CVE-2026-49171

The CVE-2026-49171 entry describes a Use-After-Free vulnerability in Windows Speech Runtime that enables a locally authenticated attacker to elevate privileges. Affected: Microsoft Windows Speech Runtime components; root cause: use-after-free leading to arbitrary code or privilege escalation (det...

7.5CVSS6AI score0.00261EPSS
Exploits0References1
mscve
mscve
added 2 days ago4 views

Windows Speech Runtime Elevation of Privilege Vulnerability

Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally...

7.5CVSS6.1AI score0.00261EPSS
Exploits0
schneier
schneier
added last week13 views

The Language of AI Could Change How Humans Speak

Because of the way they are trained, large language models capture only a slice of human language. They're trained on the written word, from textbooks to social media posts, and our speech as captured in movies and on television. These models have minimal access to the unscripted conversations we...

5.9AI score
Exploits0
nvd
nvd
added 2026/07/06 8:16 p.m.6 views

CVE-2026-55646

vLLM is an inference and serving engine for large language models. From 0.22.0 to 0.23.0, the /v1/audio/transcriptions and /v1/audio/translations routes call request.file.read to fully materialize an uploaded audio file into memory before vLLM checks the documented VLLMMAXAUDIOCLIPFILESIZEMB...

6.5CVSS0.00289EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/07/02 7:39 p.m.8 views

CVE-2026-58580

LobeChat through 2.2.9 server-database deployments are vulnerable to broken object-level authorization in MessageModel. The updateMessagePlugin, updatePluginState, updatePluginError, updateTTS and updateTranslate methods filter target rows by message id alone, omitting the userId scope that sibli...

6CVSS5.8AI score0.00154EPSS
Exploits0References3
osv
osv
added 2026/07/02 7:39 p.m.4 views

CVE-2026-58580 LobeChat 2.2.9 - Broken Object-Level Authorization in Message Sub-Resource Writes

LobeChat through 2.2.9 server-database deployments are vulnerable to broken object-level authorization in MessageModel. The updateMessagePlugin, updatePluginState, updatePluginError, updateTTS and updateTranslate methods filter target rows by message id alone, omitting the userId scope that sibli...

6CVSS5.9AI score0.00154EPSS
Exploits0References5
nvd
nvd
added 2026/07/01 5:16 p.m.9 views

CVE-2026-34109

Guardian language-system passes the id GET parameter directly into a PHP exec call in speech.php line 18 without sanitization: exec"php jobs/speechaudio.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters...

9.8CVSS0.00537EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/07/01 4:21 p.m.8 views

CVE-2026-34113 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speech_text.php

Guardian language-system passes the id GET parameter directly into a PHP exec call in speechtext.php line 18 without sanitization: exec"php jobs/speechaudiotext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
euvd
euvd
added 2026/07/01 4:20 p.m.9 views

EUVD-2026-41070

Guardian language-system passes the id GET parameter directly into a PHP exec call in speechmac.php line 18 without sanitization: exec"php jobs/speechaudiomac.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/01 4:20 p.m.5 views

CVE-2026-34112

Guardian language-system passes the id GET parameter directly into a PHP exec call in speechmac.php line 18 without sanitization: exec"php jobs/speechaudiomac.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/07/01 4:18 p.m.8 views

CVE-2026-34109

Guardian language-system passes the id GET parameter directly into a PHP exec call in speech.php line 18 without sanitization: exec"php jobs/speechaudio.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References3
cve
cve
added 2026/07/01 4:18 p.m.28 views

CVE-2026-34109

The CVE concerns Guardian Language-System. The id GET parameter is passed directly into a PHP exec() call in speech.php (line 18) without sanitization, enabling unauthenticated remote command execution via shell metacharacters appended to the id parameter. This affects the server-side execution o...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/01 4:18 p.m.35 views

CVE-2026-34109 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in speech.php

Guardian language-system passes the id GET parameter directly into a PHP exec call in speech.php line 18 without sanitization: exec"php jobs/speechaudio.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters...

9.8CVSS0.00537EPSS
Exploits0References2
euvd
euvd
added 2026/07/01 4:18 p.m.8 views

EUVD-2026-41067

Guardian language-system passes the id GET parameter directly into a PHP exec call in speech.php line 18 without sanitization: exec"php jobs/speechaudio.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
euvd
euvd
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40432

Flowise before 3.1.2 sets Access-Control-Allow-Origin to a hardcoded wildcard on its text-to-speech TTS generation endpoint packages/server/src/controllers/text-to-speech/index.ts, independent of the server's configured CORS policy. This bypasses the server's otherwise restrictive default CORS...

6.9CVSS5.8AI score0.00136EPSS
Exploits0References3
euvd
euvd
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40837

Insufficient validation of untrusted input in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00152EPSS
Exploits0References3
euvd
euvd
added 2026/07/01 12:34 a.m.12 views

EUVD-2026-40792

Insufficient policy enforcement in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00167EPSS
Exploits0References3
Rows per page
Query Builder