Lucene search
K

368949 matches found

CVE
CVE
added 6 days ago8 views

CVE-2026-56151

This CVE affects Kibana with Fleet: Improper Input Validation (CWE-20) enabling Denial of Service via crafted Fleet policy input. Affected versions include 8.x (8.0.0–8.19.16), 9.x (9.0.0–9.3.5 and 9.4.0–9.4.2). The root cause is input validation failure for Fleet policy inputs, allowing an authe...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References1Affected Software1
CVE
CVE
added 6 days ago19 views

CVE-2026-20244

CVE-2026-20244 affects the DMG file format parser in ClamAV. The root cause is improper boundary checks for DMG content during scanning, which may trigger an integer overflow on 32-bit platforms. An unauthenticated, remote attacker could submit a crafted DMG file for scanning, potentially causing...

7.5CVSS5.9AI score0.00389EPSS
Exploits0References1
CVE
CVE
added 6 days ago12 views

CVE-2026-20215

CVE-2026-20215 affects ClamAV’s 7z file format parser. The issue stems from improper boundary checks on 7z content during scanning, causing an out-of-bounds memory write that can crash the ClamAV scanning process. This allows an unauthenticated, remote attacker to trigger a DoS (and possibly expa...

7.5CVSS6AI score0.00389EPSS
Exploits0References1Affected Software1
CVE
CVE
added 6 days ago35 views

CVE-2026-20217

The CVE-2026-20217 entry concerns ClamAV’s PESpin file format parser. The vulnerability arises from improper boundary checks for PESpin content during scanning, causing memory corruption that can lead to an out-of-bounds buffer write. An attacker could submit a crafted PESpin file to be scanned, ...

7.5CVSS6AI score0.00389EPSS
Exploits0References1
CVE
CVE
added 6 days ago29 views

CVE-2026-20216

CVE-2026-20216 concerns ClamAV’s InstallShield file format parser. The vulnerability arises from improper handling of temporary resources during scanning, enabling an unauthenticated, remote attacker to submit a crafted InstallShield file that can terminate the ClamAV scanning process and tempora...

7.5CVSS5.8AI score0.00389EPSS
Exploits0References1
CVE
CVE
added 6 days ago37 views

CVE-2026-20213

This CVE (CVE-2026-20213) affects the ClamAV PE file format parser. A crafted PE content file submitted to the scanner can trigger memory corruption due to improper boundary checks, leading to an out-of-bounds write. An unauthenticated, remote attacker could cause the ClamAV scanning process to t...

7.5CVSS6AI score0.00463EPSS
Exploits0References1Affected Software1
CVE
CVE
added 6 days ago18 views

CVE-2026-20214

CVE-2026-20214 affects ClamAV’s FSG file format parser. The issue arises from improper boundary checks for content in FSG files during scanning, leading to an out-of-bounds buffer write and memory corruption. An unauthenticated, remote attacker could submit a crafted file containing portable exec...

7.5CVSS6AI score0.00463EPSS
Exploits0References1Affected Software1
CVE
CVE
added 6 days ago83 views

CVE-2026-20191

Cisco Catalyst Center is affected by CVE-2026-20191. The issue arises from insufficient validation of user-supplied input, enabling an unauthenticated remote attacker to read arbitrary files from a restricted container by sending a crafted HTTP request. CVSSv3.1 base score 7.5 (HIGH), with networ...

7.5CVSS6AI score0.00756EPSS
Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2026-56150

MODE C: CVE-2026-56150 affects Elastic Fleet Server via Allocation of Resources Without Limits or Throttling (upload endpoint memory exhaustion). Multiple connected sources describe the vulnerability in Fleet Server's internal API packages and uploader, enabling an attacker to exhaust RAM and pot...

7.5CVSS5.8AI score0.00302EPSS
Exploits0References1Affected Software1
CVE
CVE
added 6 days ago9 views

CVE-2026-34117

Guardian Language-System is affected by CVE-2026-34117 due to a vulnerability in text_to_subtitles.php where the id GET parameter is passed directly into PHP exec() without sanitization. This allows an unauthenticated, remote attacker to append shell metacharacters and execute arbitrary OS comman...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
CVE
CVE
added 6 days ago12 views

CVE-2026-34116

The CVE-2026-34116 entry concerns the Guardian language-system. The flaw occurs in transcribe.php where the GET parameter id is concatenated into a PHP exec() call without sanitization, enabling an unauthenticated remote attacker to inject shell commands. Affected component: Guardian language-sys...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
CVE
CVE
added 6 days ago10 views

CVE-2026-34115

Guardian Language-System is affected by CVE-2026-34115 where the GET param id is directly appended into a PHP exec() call in transcribe_amazon.php (line 15) without sanitization, enabling an unauthenticated remote attacker to inject shell metacharacters and execute arbitrary OS commands on the se...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
CVE
CVE
added 6 days ago11 views

CVE-2026-34114

Guardian language-system is affected by an unauthenticated OS command injection in translate_text.php. The code passes the id GET parameter directly into a PHP exec() call without sanitization, allowing an attacker to append shell metacharacters and execute arbitrary commands on the server. No au...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
CVE
CVE
added 6 days ago60 views

CVE-2026-56149

CVE-2026-56149 affects Elasticsearch and stems from Allocation of Resources Without Limits or Throttling (CWE-770), enabling a denial of service via Excessive memory allocation when a user with privileges to manage trained models submits a crafted machine learning request. Affected versions inclu...

4.9CVSS5.8AI score0.00324EPSS
Exploits0References1Affected Software1
CVE
CVE
added 6 days ago10 views

CVE-2026-34113

CVE-2026-34113 : Guardian language-system is vulnerable to unauthenticated OS command injection via the id GET parameter in speech_text.php. The code passes the parameter directly into an exec() call: exec("php jobs/speech_audio_text.php "+login_session+" "+$_GET['id']+" ..."), allowing an attack...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
CVE
CVE
added 6 days ago14 views

CVE-2026-34112

Guardian Language-System is vulnerable to unauthenticated OS command injection via speechmac.php. The code passes the GET id parameter directly into an exec("php jobs/speech_audio_mac.php … "+id) without sanitization, enabling an attacker to append shell metacharacters and run arbitrary commands ...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
CVE
CVE
added 6 days ago10 views

CVE-2026-34111

CVE-2026-34111 : Guardian Language-System vulnerability where speechmac_text.php passes $_GET['id'] directly into an exec() call, enabling unauthenticated remote command execution via shell metacharacters. Affects the Guardian Language-System component (speech_text path) and is scored CRITICAL (C...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
CVE
CVE
added 6 days ago9 views

CVE-2026-34110

The CVE describes an unauthenticated OS command injection in Guardian language-system: complex_start.php passes the id GET parameter directly into exec("php jobs/complex.php ..."), unsafely incorporating $_GET['id'] without sanitization. This allows an unauthenticated attacker to append shell met...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
CVE
CVE
added 6 days ago10 views

CVE-2026-34109

The CVE concerns Guardian Language-System. The id GET parameter is passed directly into a PHP exec() call in speech.php (line 18) without sanitization, enabling unauthenticated remote command execution via shell metacharacters appended to the id parameter. This affects the server-side execution o...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
CVE
CVE
added 6 days ago13 views

CVE-2026-34108

The CVE-2026-34108 entry concerns Guardian Language-System. It describes an unauthenticated OS command injection in text.php where the id GET parameter is passed directly into exec("php jobs/text.php … ".$login_session." ".$_GET['id'].") without sanitization. This allows an unauthenticated remote...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
Rows per page
Query Builder