CVE-2026-34107 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in translate.php
Guardian language-system passes the id GET parameter directly into a PHP exec call in translate.php line 14 without sanitization: exec("php jobs/translate.php ".$loginsession." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell metacharacters...
CVE-2026-34106 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in subtitles.php
Guardian language-system passes the id GET parameter directly into a PHP exec call in subtitles.php line 19 without sanitization: exec("php jobs/subtitlerendering.php ".$loginsession." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell...
CVE-2026-34105 Guardian Language-System Unauthenticated SQL Injection via id Parameter in translate_text.php
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in translate_text.php line 15: SELECT id, filename, extension, type FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents...
CVE-2026-34104 Guardian Language-System Unauthenticated SQL Injection via name Parameter in designer.php
Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php line 124: SELECT * FROM complex WHERE name='".$_GET['name']."'. An authenticated attacker can perform error-based SQL injection to extract database contents...
CVE-2026-34103 Guardian Language-System Unauthenticated SQL Injection via id Parameter in subtitles.php
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php line 16: SELECT id, filename, extension, type FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents...
CVE-2026-34102 Guardian Language-System Unauthenticated SQL Injection via id Parameter in job_info_get.php
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info_get.php line 16: SELECT * FROM jobs where input1 = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents...
CVE-2026-34101 Guardian Language-System Unauthenticated SQL Injection via id Parameter in text_file.php
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in text_file.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract...
CVE-2026-34100 Guardian Language-System Unauthenticated SQL Injection via id Parameter in media.php
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in media.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract...
CVE-2026-34099 Guardian Language-System Unauthenticated SQL Injection via id Parameter in job_info.php
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info.php line 16: SELECT * FROM jobs where id = '".$_GET['id']."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current...
CVE-2026-27409 WordPress Webba Booking plugin <= 6.4.13 - Broken Access Control vulnerability
Missing Authorization vulnerability in Webba Plugins Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 6.4.13...
CVE-2026-34098 Guardian Language-System XSS via id Parameter in media.php
Guardian language-system fails to sanitize the id GET parameter before inserting it into HTML source and form action attributes in media.php lines 119, 129. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...
CVE-2026-34097 Guardian Language-System XSS via id Parameter in text_file.php
Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in text_file.php lines 94, 101, 323, 403, 826, 852. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...
CVE-2026-34096 Guardian Language-System XSS via name Parameter in designer.php
Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...
CVE-2026-13211 Genucenter Disclosure of SNMP Credentials
The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role...
CVE-2026-58454 JAIOTlink C492A-W6 4.8.30.57701411 RCE via /Anyka/config Endpoint
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTT...
CVE-2026-58453 JAIOTlink C492A-W6 4.8.30.57701411 Hard-coded Credentials via anyka_ipc
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anyka_ipc HTTP service on port 80...
CVE-2026-58452 JAIOTlink C492A-W6 4.8.30.57701411 OS Command Injection via SetMAC Endpoint
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability that allows authenticated attackers to achieve remote code execution by supplying a malicious Wireless parameter to the HTTP PUT NetSDK/Factory SetMAC endpoint. Attackers can craft a...
CVE-2026-58025
CVE-2026-58025 describes a deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. Affected are MediaWiki versions before 1.46.0, including 1.45.4, 1.44.6, and 1.43.9. The issue is linked to deserialization in files: includes/Import/WikiImporter.php, includes/Import/Wik...
CVE-2026-58029
CVE-2026-58029 affects Wikimedia Foundation MediaWiki and enables a full account takeover via BotPasswords and OAuth through action=changeauthenticationdata. Affected versions are MediaWiki: before 1.46.0, 1.45.4, 1.44.6, 1.43.9. The issue involves the API and Special pages: ApiChangeAuthenticati...
CVE-2026-58028
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation CentralAuth. This vulnerability is associated with program files includes/Api/ApiFormatBase.php, includes/Api/ApiHelp.php,...
CVE-2026-17747
Technical details for CVE-2026-17747 are not publicly available in the provided documents. This CVE entry appears reserved/placeholder. Monitor for updates from the responsible party.
CVE-2026-35801
Technical details for CVE-2026-35801 are not publicly available in the provided documents; monitor for updates.
CVE-2026-24270
CVE-2026-24270 affects NVIDIA AIStore framework. The issue, described as an authentication bypass, could allow an attacker to cause denial of service, escalate privileges, disclose information, and tamper with data. NVIDIA’s security bulletin lists affected versions as all platforms on versions 0...
CVE-2026-57517
Control Web Panel prior to version 0.9.8.1225 is affected by CVE-2026-57517, a blind SQL injection via the userRes POST parameter at the user endpoint. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL queries, potentially leveraging MySQL root privileges obtained...
CVE-2026-24266
NVIDIA Triton Inference Server for Linux is affected by CVE-2026-24266, a use-after-free vulnerability that could lead to denial of service. The NVIDIA security bulletin confirms the issue, assigns a CVSS v3.1 base score of 5.9 (Impact: Availability) with Network attack vector, high attack comple...
CVE-2026-24264
CVE-2026-24264 affects NVIDIA Triton Inference Server for Linux. The security bulletin documents that an attacker can cause improper handling of highly compressed data, with the impact being denial of service. The vulnerability is addressed by updating to Triton Server r26.04 or later. Affected...
CVE-2026-58026
MediaWiki vulnerability CVE-2026-58026 affects Wikimedia Foundation MediaWiki, specifically a bypass in wgNonincludableNamespaces via embedding a redirect in other namespaces, in files including/Parser/Parser.php. Affected versions are MediaWiki before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The issu...
CVE-2026-8857
CVE-2026-8857 concerns a vulnerability in the Wikimedia Foundation timeline extension EasyTimeline. Affected are timeline versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The issue is linked to the extension’s files scripts/EasyTimeline.pl and includes/Timeline.php. The connected documents do ...
CVE-2026-58038
The CVE-2026-58038 entry describes a Stored XSS vulnerability in the Wikimedia Foundation timeline component, caused by improper neutralization of input during web page generation. The issue concerns files including Timeline.php and scripts/EasyTimeline.pl and affects timeline builds prior to the...
CVE-2026-58027
CVE-2026-58027 affects Wikimedia Foundation AbuseFilter. The issue arises in the QueryAbuseFilters.php API, allowing an unauthenticated actor to see the hit count of private filters, which is hidden in the UI. Affected are AbuseFilter versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The CVSS b...
CVE-2026-24251
NVIDIA Megatron Bridge for Linux (CVE-2026-24251) is vulnerable due to improper control of dynamically managed code resources, enabling potential code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin confirms this CVE and states that updati...
CVE-2026-24250
NVIDIA Megatron Bridge for Linux (Megatron-Bridge) is affected by CVE-2026-24250 due to improper validation of allowed inputs. The NVIDIA security bulletin lists this CVE among a set of related deserialization and resource-management issues that may lead to code execution, privilege escalation, d...
CVE-2026-58030
Summary: CVE-2026-58030 is a stored XSS in Wikimedia Foundation’s SyntaxHighlight_GeSHi due to improper neutralization of input in the linelinks processing. Affected versions are before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The issue is associated with the includes/SyntaxHighlight.php component an...
CVE-2026-24249
CVE-2026-24249 affects NVIDIA Megatron Bridge for Linux and describes deserialization of untrusted data leading to potential code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin confirms this vulnerability is addressed in the security upda...
CVE-2026-24248
NVIDIA Megatron Bridge for Linux contains CVE-2026-24248: an attacker could cause improper control of code generation, potentially leading to code execution, privilege escalation, data tampering, and information disclosure. Affected product: Megatron Bridge for Linux. Root cause: improper control...
CVE-2026-24247
CVE-2026-24247 affects NVIDIA Megatron Bridge for Linux and is linked to deserialization of untrusted data, with potential for code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin notes mitigation by upgrading to version 0.4.1 or later (Me...
CVE-2026-58032
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.api/index.js. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6,...
CVE-2026-24246
NVIDIA Megatron Bridge for Linux is affected by CVE-2026-24246, a vulnerability in the handling of dynamically managed code resources that could lead to code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin indicates the fix is included in ...
CVE-2026-24245
CVE-2026-24245 affects NVIDIA Megatron Bridge for Linux. The vulnerability involves deserialization of untrusted data and could lead to code execution, privilege escalation, data tampering, and information disclosure. Affected: Megatron-Bridge; root cause not explicitly detailed beyond the deseri...
CVE-2026-58033
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/InfoAction.php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...
CVE-2026-24244
NVIDIA Megatron Bridge for Linux contains CVE-2026-24244, a deserialization of untrusted data vulnerability that can lead to code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin confirms affected product: Megatron-Bridge; updated versions ...
CVE-2026-8480
Stormshield Network Security versions affected: 4.3.0 to 4.3.41, 4.4.0 to 4.8.15, and 5.0.2 EA to 5.0.5. A revoked client certificate can still be used to authenticate to the captive-admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access. CVSS v3.1 ...
CVE-2026-58037
Summary: CVE-2026-58037 is a cross-site scripting vulnerability in MediaWiki’s log entry formatting code. The issue stems from improper input neutralization in log-related components (includes/Language/Language.php, includes/Logging/BlockLogFormatter.php, includes/Logging/LogFormatter.php, includ...
CVE-2026-24243
NVIDIA Megatron Bridge for Linux (CVE-2026-24243) is affected by a vulnerability in deserialization of untrusted data, potentially enabling code execution, privilege escalation, data tampering, and information disclosure. The issue arises in the Megatron Bridge software, with CVSSv3.1 base score ...
CVE-2026-24242
NVIDIA Megatron Bridge for Linux contains a vulnerability (CVE-2026-24242) that could allow an attacker to perform server-side request forgery, potentially leading to information disclosure. The NVIDIA security bulletin states that a software update to version 0.4.1 or later fixes this and othe...
CVE-2026-58036
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryAllUsers.php, includes/Api/ApiQueryUsers.php, includes/Permissions/PermissionManager.php,...
CVE-2026-24240
Summary (CVE-2026-24240): NVIDIA Megatron Bridge for Linux contains a vulnerability that allows deserialization of untrusted data, potentially enabling code execution, privilege escalation, data tampering, and information disclosure. Root cause: insecure deserialization in the bridge component. A...
CVE-2026-58127
PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 (PacsgearMediaServerEngine.dll) with ObjectURIs RemoteObj and UIRemoteObj and no authentication. An unauthenticated attacker can exploit MarshalByRefObject unmarshalling and implement .NET WebClient methods to read/write ...
CVE-2025-23351
NVIDIA advisory for CVE-2025-23351: A vulnerability in the command interface on NVIDIA Networking BlueField and ConnectX allows a local user with VF access to cause an out-of-bounds write, enabling potential arbitrary code execution on the device. Affected products include BlueField GA (BlueField...
CVE-2026-58126
PACSgear PACS Scan 5.2.1 is affected by an unauthenticated remote code execution through an exposed .NET Remoting TCP service (port 22222). The vulnerability chain starts with PGImageExchQueue.exe allowing arbitrary file read/write via the service, which can be leveraged with DLL hijacking in PGI...