
367748 matches found

added 29 minutes ago, 2 views

CVE-2026-34107 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in translate.php

Guardian language-system passes the id GET parameter directly into a PHP exec call in translate.php line 14 without sanitization: exec("php jobs/translate.php ".$loginsession." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell metacharacters...

CVSS: 9.8, Exploits: 0, References: 2

added 30 minutes ago, 4 views

CVE-2026-34106 Guardian Language-System Unauthenticated OS Command Injection via id Parameter in subtitles.php

Guardian language-system passes the id GET parameter directly into a PHP exec call in subtitles.php line 19 without sanitization: exec("php jobs/subtitlerendering.php ".$loginsession." ".$_GET['id']." ..."). No authentication is required. An unauthenticated remote attacker can append shell...

CVSS: 9.8, Exploits: 0, References: 2

added 31 minutes ago, 2 views

CVE-2026-34105 Guardian Language-System Unauthenticated SQL Injection via id Parameter in translate_text.php

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in translate_text.php line 15: SELECT id, filename, extension, type FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

CVSS: 9.8, Exploits: 0, References: 2

added 32 minutes ago, 2 views

CVE-2026-34104 Guardian Language-System Unauthenticated SQL Injection via name Parameter in designer.php

Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php line 124: SELECT * FROM complex WHERE name='".$_GET['name']."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

CVSS: 9.8, Exploits: 0, References: 2

added 33 minutes ago, 1 view

CVE-2026-34103 Guardian Language-System Unauthenticated SQL Injection via id Parameter in subtitles.php

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php line 16: SELECT id, filename, extension, type FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

CVSS: 9.8, Exploits: 0, References: 2

added 34 minutes ago, 1 view

CVE-2026-34102 Guardian Language-System Unauthenticated SQL Injection via id Parameter in job_info_get.php

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info_get.php line 16: SELECT * FROM jobs where input1 = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

CVSS: 9.8, Exploits: 0, References: 2

added 35 minutes ago, 1 view

CVE-2026-34101 Guardian Language-System Unauthenticated SQL Injection via id Parameter in text_file.php

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in text_file.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract...

CVSS: 9.8, Exploits: 0, References: 2

added 36 minutes ago, 3 views

CVE-2026-34100 Guardian Language-System Unauthenticated SQL Injection via id Parameter in media.php

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in media.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$_GET['id']."'. An authenticated attacker can perform error-based SQL injection to extract...

CVSS: 9.8, Exploits: 0, References: 2

added 38 minutes ago, 1 view

CVE-2026-34099 Guardian Language-System Unauthenticated SQL Injection via id Parameter in job_info.php

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info.php line 16: SELECT * FROM jobs where id = '".$_GET['id']."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current...

CVSS: 9.8, Exploits: 0, References: 2

added 38 minutes ago, 1 view

CVE-2026-27409 WordPress Webba Booking plugin <= 6.4.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Webba Plugins Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 6.4.13...

CVSS: 5.3, Exploits: 0, References: 1

added 42 minutes ago, 2 views

CVE-2026-34098 Guardian Language-System XSS via id Parameter in media.php

Guardian language-system fails to sanitize the id GET parameter before inserting it into HTML source and form action attributes in media.php lines 119, 129. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

CVSS: 4.8, Exploits: 0, References: 2

added 43 minutes ago, 1 view

CVE-2026-34097 Guardian Language-System XSS via id Parameter in text_file.php

Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in text_file.php lines 94, 101, 323, 403, 826, 852. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

CVSS: 4.8, Exploits: 0, References: 2

added 52 minutes ago, 4 views

CVE-2026-34096 Guardian Language-System XSS via name Parameter in designer.php

Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...

CVSS: 4.8, Exploits: 0, References: 2

added 59 minutes ago, 1 view

CVE-2026-13211 Genucenter Disclosure of SNMP Credentials

The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role...

CVSS: 4.3, Exploits: 0, References: 1

added 1 hour ago, 1 view

CVE-2026-58454 JAIOTlink C492A-W6 4.8.30.57701411 RCE via /Anyka/config Endpoint

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTT...

CVSS: 7.7, Exploits: 0, References: 3

added 1 hour ago, 3 views

CVE-2026-58453 JAIOTlink C492A-W6 4.8.30.57701411 Hard-coded Credentials via anyka_ipc

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anyka_ipc HTTP service on port 80...

CVSS: 9.8, Exploits: 0, References: 3

added 1 hour ago, 1 view

CVE-2026-58452 JAIOTlink C492A-W6 4.8.30.57701411 OS Command Injection via SetMAC Endpoint

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability that allows authenticated attackers to achieve remote code execution by supplying a malicious Wireless parameter to the HTTP PUT NetSDK/Factory SetMAC endpoint. Attackers can craft a...

CVSS: 8.8, Exploits: 0, References: 3

added 1 hour ago, 5 views

CVE-2026-58025

CVE-2026-58025 describes a deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. Affected are MediaWiki versions before 1.46.0, including 1.45.4, 1.44.6, and 1.43.9. The issue is linked to deserialization in files: includes/Import/WikiImporter.Php, includes/Import/Wik...

CVSS: 5.9, Exploits: 0, References: 1

added 1 hour ago, 8 views

CVE-2026-58029

CVE-2026-58029 affects Wikimedia Foundation MediaWiki and enables a full account takeover via BotPasswords and OAuth through action=changeauthenticationdata. Affected versions are MediaWiki: before 1.46.0, 1.45.4, 1.44.6, 1.43.9. The issue involves the API and Special pages: ApiChangeAuthenticati...

CVSS: 5.3, Exploits: 0, References: 1

added 1 hour ago, 6 views

CVE-2026-58028

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation CentralAuth. This vulnerability is associated with program files includes/Api/ApiFormatBase.Php, includes/Api/ApiHelp.Php,...

Exploits: 0, References: 1

added 1 hour ago, 7 views

CVE-2026-17747

Technical details for CVE-2026-17747 are not publicly available in the provided documents. This CVE entry appears reserved/placeholder. Monitor for updates from the responsible party.

Exploits: 0

added 1 hour ago, 10 views

CVE-2026-35801

Technical details for CVE-2026-35801 are not publicly available in the provided documents; monitor for updates.

Exploits: 0

added 1 hour ago, 8 views

CVE-2026-24270

CVE-2026-24270 affects NVIDIA AIStore framework. The issue, described as an authentication bypass, could allow an attacker to cause denial of service, escalate privileges, disclose information, and tamper with data. NVIDIA’s security bulletin lists affected versions as all platforms on versions 0...

CVSS: 9.8, Exploits: 0, References: 3

added 1 hour ago, 5 views

CVE-2026-57517

Control Web Panel prior to version 0.9.8.1225 is affected by CVE-2026-57517, a blind SQL injection via the userRes POST parameter at the user endpoint. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL queries, potentially leveraging MySQL root privileges obtained...

CVSS: 9.8, Exploits: 0, References: 3

added 1 hour ago, 6 views

CVE-2026-24266

NVIDIA Triton Inference Server for Linux is affected by CVE-2026-24266, a use-after-free vulnerability that could lead to denial of service. The NVIDIA security bulletin confirms the issue, assigns a CVSS v3.1 base score of 5.9 (Impact: Availability) with Network attack vector, high attack comple...

CVSS: 5.9, Exploits: 0, References: 3

added 1 hour ago, 5 views

CVE-2026-24264

CVE-2026-24264 affects NVIDIA Triton Inference Server for Linux. The security bulletin documents that an attacker can cause improper handling of highly compressed data, with the impact being denial of service. The vulnerability is addressed by updating to Triton Server r26.04 or later. Affected...

CVSS: 7.5, Exploits: 0, References: 3

added 1 hour ago, 6 views

CVE-2026-58026

MediaWiki vulnerability CVE-2026-58026 affects Wikimedia Foundation MediaWiki, specifically a bypass in wgNonincludableNamespaces via embedding a redirect in other namespaces, in files including/Parser/Parser.php. Affected versions are MediaWiki before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The issu...

Exploits: 0, References: 1

added 1 hour ago, 3 views

CVE-2026-8857

CVE-2026-8857 concerns a vulnerability in the Wikimedia Foundation timeline extension EasyTimeline. Affected are timeline versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The issue is linked to the extension’s files scripts/EasyTimeline.Pl and includes/Timeline.Php. The connected documents do ...

Exploits: 0, References: 1

added 1 hour ago, 4 views

CVE-2026-58038

The CVE-2026-58038 entry describes a Stored XSS vulnerability in the Wikimedia Foundation timeline component, caused by improper neutralization of input during web page generation. The issue concerns files including Timeline.Php and scripts/EasyTimeline.Pl and affects timeline builds prior to the...

Exploits: 0, References: 1

added 1 hour ago, 6 views

CVE-2026-58027

CVE-2026-58027 affects Wikimedia Foundation AbuseFilter. The issue arises in the QueryAbuseFilters.Php API, allowing an unauthenticated actor to see the hit count of private filters, which is hidden in the UI. Affected are AbuseFilter versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The CVSS b...

CVSS: 5.3, Exploits: 0, References: 1

added 1 hour ago, 5 views

CVE-2026-24251

NVIDIA Megatron Bridge for Linux (CVE-2026-24251) is vulnerable due to improper control of dynamically managed code resources, enabling potential code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin confirms this CVE and states that updati...

CVSS: 7.8, Exploits: 0, References: 3

added 1 hour ago, 5 views

CVE-2026-24250

NVIDIA Megatron Bridge for Linux (Megatron-Bridge) is affected by CVE-2026-24250 due to improper validation of allowed inputs. The NVIDIA security bulletin lists this CVE among a set of related deserialization and resource-management issues that may lead to code execution, privilege escalation, d...

CVSS: 7.8, Exploits: 0, References: 3

added 1 hour ago, 7 views

CVE-2026-58030

Summary: CVE-2026-58030 is a stored XSS in Wikimedia Foundation’s SyntaxHighlight_GeSHi due to improper neutralization of input in the linelinks processing. Affected versions are before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The issue is associated with the includes/SyntaxHighlight.Php component an...

CVSS: 5.3, Exploits: 0, References: 1

added 1 hour ago, 6 views

CVE-2026-24249

CVE-2026-24249 affects NVIDIA Megatron Bridge for Linux and describes deserialization of untrusted data leading to potential code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin confirms this vulnerability is addressed in the security upda...

CVSS: 7.8, Exploits: 0, References: 3

added 1 hour ago, 6 views

CVE-2026-24248

NVIDIA Megatron Bridge for Linux contains CVE-2026-24248: an attacker could cause improper control of code generation, potentially leading to code execution, privilege escalation, data tampering, and information disclosure. Affected product: Megatron Bridge for Linux. Root cause: improper control...

CVSS: 7.8, Exploits: 0, References: 3

added 1 hour ago, 5 views

CVE-2026-24247

CVE-2026-24247 affects NVIDIA Megatron Bridge for Linux and is linked to deserialization of untrusted data, with potential for code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin notes mitigation by upgrading to version 0.4.1 or later (Me...

CVSS: 7.8, Exploits: 0, References: 3

added 1 hour ago, 8 views

CVE-2026-58032

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Api/index.Js. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6,...

CVSS: 5.3, Exploits: 0, References: 1

added 1 hour ago, 5 views

CVE-2026-24246

NVIDIA Megatron Bridge for Linux is affected by CVE-2026-24246, a vulnerability in the handling of dynamically managed code resources that could lead to code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin indicates the fix is included in ...

CVSS: 7.8, Exploits: 0, References: 3

added 1 hour ago, 5 views

CVE-2026-24245

CVE-2026-24245 affects NVIDIA Megatron Bridge for Linux. The vulnerability involves deserialization of untrusted data and could lead to code execution, privilege escalation, data tampering, and information disclosure. Affected: Megatron-Bridge; root cause not explicitly detailed beyond the deseri...

CVSS: 7.8, Exploits: 0, References: 3

added 1 hour ago, 7 views

CVE-2026-58033

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/InfoAction.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

CVSS: 5.3, Exploits: 0, References: 1

added 1 hour ago, 5 views

CVE-2026-24244

NVIDIA Megatron Bridge for Linux contains CVE-2026-24244, a deserialization of untrusted data vulnerability that can lead to code execution, privilege escalation, data tampering, and information disclosure. The NVIDIA security bulletin confirms affected product: Megatron-Bridge; updated versions ...

CVSS: 7.8, Exploits: 0, References: 3

added 1 hour ago, 3 views

CVE-2026-8480

Stormshield Network Security versions affected: 4.3.0 to 4.3.41, 4.4.0 to 4.8.15, and 5.0.2 EA to 5.0.5. A revoked client certificate can still be used to authenticate to the captive-admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access. CVSS v3.1 ...

CVSS: 4.3, Exploits: 0, References: 1

added 1 hour ago, 5 views

CVE-2026-58037

Summary: CVE-2026-58037 is a cross-site scripting vulnerability in MediaWiki’s log entry formatting code. The issue stems from improper input neutralization in log-related components (includes/Language/Language.php, includes/Logging/BlockLogFormatter.php, includes/Logging/LogFormatter.php, includ...

Exploits: 0, References: 1

added 1 hour ago, 5 views

CVE-2026-24243

NVIDIA Megatron Bridge for Linux (CVE-2026-24243) is affected by a vulnerability in deserialization of untrusted data, potentially enabling code execution, privilege escalation, data tampering, and information disclosure. The issue arises in the Megatron Bridge software, with CVSSv3.1 base score ...

CVSS: 7.8, Exploits: 0, References: 3

added 1 hour ago, 5 views

CVE-2026-24242

NVIDIA Megatron Bridge for Linux contains a vulnerability (CVE-2026-24242) that could allow an attacker to perform server-side request forgery, potentially leading to information disclosure. The NVIDIA security bulletin reassures that a software update to version 0.4.1 or later fixes this and othe...

CVSS: 7.8, Exploits: 0, References: 3

added 1 hour ago, 6 views

CVE-2026-58036

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryAllUsers.Php, includes/Api/ApiQueryUsers.Php, includes/Permissions/PermissionManager.Php,...

CVSS: 2.1, Exploits: 0, References: 1

added 2 hours ago, 6 views

CVE-2026-24240

Summary (CVE-2026-24240): NVIDIA Megatron Bridge for Linux contains a vulnerability that allows deserialization of untrusted data, potentially enabling code execution, privilege escalation, data tampering, and information disclosure. Root cause: insecure deserialization in the bridge component. A...

CVSS: 7.8, Exploits: 0, References: 3

added 2 hours ago, 3 views

CVE-2026-58127

PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 (PacsgearMediaServerEngine.dll) with ObjectURIs RemoteObj and UIRemoteObj and no authentication. An unauthenticated attacker can exploit MarshalByRefObject unmarshalling and implement .NET WebClient methods to read/write ...

CVSS: 9.8, Exploits: 0, References: 3

added 2 hours ago, 6 views

CVE-2025-23351

NVIDIA advisory for CVE-2025-23351: A vulnerability in the command interface on NVIDIA Networking BlueField and ConnectX allows a local user with VF access to cause an out-of-bounds write, enabling potential arbitrary code execution on the device. Affected products include BlueField GA (BlueField...

CVSS: 9, Exploits: 0, References: 3

added 2 hours ago, 3 views

CVE-2026-58126

PACSgear PACS Scan 5.2.1 is affected by an unauthenticated remote code execution through an exposed .NET Remoting TCP service (port 22222). The vulnerability chain starts with PGImageExchQueue.exe allowing arbitrary file read/write via the service, which can be leveraged with DLL hijacking in PGI...

CVSS: 9.8, Exploits: 0, References: 3

Total number of security vulnerabilities: 367748