Lucene search
K

369034 matches found

CVE
CVE
added last week20 views

CVE-2026-20244

CVE-2026-20244 affects the DMG file format parser in ClamAV. The root cause is improper boundary checks for DMG content during scanning, which may trigger an integer overflow on 32-bit platforms. An unauthenticated, remote attacker could submit a crafted DMG file for scanning, potentially causing...

7.5CVSS5.9AI score0.00389EPSS
Exploits0References1
CVE
CVE
added last week12 views

CVE-2026-20215

CVE-2026-20215 affects ClamAV’s 7z file format parser. The issue stems from improper boundary checks on 7z content during scanning, causing an out-of-bounds memory write that can crash the ClamAV scanning process. This allows an unauthenticated, remote attacker to trigger a DoS (and possibly expa...

7.5CVSS6AI score0.00389EPSS
Exploits0References1Affected Software1
CVE
CVE
added last week36 views

CVE-2026-20217

The CVE-2026-20217 entry concerns ClamAV’s PESpin file format parser. The vulnerability arises from improper boundary checks for PESpin content during scanning, causing memory corruption that can lead to an out-of-bounds buffer write. An attacker could submit a crafted PESpin file to be scanned, ...

7.5CVSS6AI score0.00389EPSS
Exploits0References1
CVE
CVE
added last week30 views

CVE-2026-20216

CVE-2026-20216 concerns ClamAV’s InstallShield file format parser. The vulnerability arises from improper handling of temporary resources during scanning, enabling an unauthenticated, remote attacker to submit a crafted InstallShield file that can terminate the ClamAV scanning process and tempora...

7.5CVSS5.8AI score0.00389EPSS
Exploits0References1
CVE
CVE
added last week40 views

CVE-2026-20213

This CVE (CVE-2026-20213) affects the ClamAV PE file format parser. A crafted PE content file submitted to the scanner can trigger memory corruption due to improper boundary checks, leading to an out-of-bounds write. An unauthenticated, remote attacker could cause the ClamAV scanning process to t...

7.5CVSS6AI score0.00463EPSS
Exploits0References1Affected Software1
CVE
CVE
added last week18 views

CVE-2026-20214

CVE-2026-20214 affects ClamAV’s FSG file format parser. The issue arises from improper boundary checks for content in FSG files during scanning, leading to an out-of-bounds buffer write and memory corruption. An unauthenticated, remote attacker could submit a crafted file containing portable exec...

7.5CVSS6AI score0.00463EPSS
Exploits0References1Affected Software1
CVE
CVE
added last week85 views

CVE-2026-20191

Cisco Catalyst Center is affected by CVE-2026-20191. The issue arises from insufficient validation of user-supplied input, enabling an unauthenticated remote attacker to read arbitrary files from a restricted container by sending a crafted HTTP request. CVSSv3.1 base score 7.5 (HIGH), with networ...

7.5CVSS6AI score0.00756EPSS
Exploits0References1
CVE
CVE
added last week10 views

CVE-2026-56150

MODE C: CVE-2026-56150 affects Elastic Fleet Server via Allocation of Resources Without Limits or Throttling (upload endpoint memory exhaustion). Multiple connected sources describe the vulnerability in Fleet Server's internal API packages and uploader, enabling an attacker to exhaust RAM and pot...

7.5CVSS5.8AI score0.00312EPSS
Exploits0References1Affected Software1
CVE
CVE
added last week11 views

CVE-2026-34117

Guardian Language-System is affected by CVE-2026-34117 due to a vulnerability in text_to_subtitles.php where the id GET parameter is passed directly into PHP exec() without sanitization. This allows an unauthenticated, remote attacker to append shell metacharacters and execute arbitrary OS comman...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
CVE
CVE
added last week12 views

CVE-2026-34116

The CVE-2026-34116 entry concerns the Guardian language-system. The flaw occurs in transcribe.php where the GET parameter id is concatenated into a PHP exec() call without sanitization, enabling an unauthenticated remote attacker to inject shell commands. Affected component: Guardian language-sys...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
CVE
CVE
added last week10 views

CVE-2026-34115

Guardian Language-System is affected by CVE-2026-34115 where the GET param id is directly appended into a PHP exec() call in transcribe_amazon.php (line 15) without sanitization, enabling an unauthenticated remote attacker to inject shell metacharacters and execute arbitrary OS commands on the se...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
CVE
CVE
added last week12 views

CVE-2026-34114

Guardian language-system is affected by an unauthenticated OS command injection in translate_text.php. The code passes the id GET parameter directly into a PHP exec() call without sanitization, allowing an attacker to append shell metacharacters and execute arbitrary commands on the server. No au...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
CVE
CVE
added last week61 views

CVE-2026-56149

CVE-2026-56149 affects Elasticsearch and stems from Allocation of Resources Without Limits or Throttling (CWE-770), enabling a denial of service via Excessive memory allocation when a user with privileges to manage trained models submits a crafted machine learning request. Affected versions inclu...

4.9CVSS5.8AI score0.00324EPSS
Exploits0References1Affected Software1
CVE
CVE
added last week10 views

CVE-2026-34113

CVE-2026-34113 : Guardian language-system is vulnerable to unauthenticated OS command injection via the id GET parameter in speech_text.php. The code passes the parameter directly into an exec() call: exec("php jobs/speech_audio_text.php "+login_session+" "+$_GET['id']+" ..."), allowing an attack...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
CVE
CVE
added last week15 views

CVE-2026-34112

Guardian Language-System is vulnerable to unauthenticated OS command injection via speechmac.php. The code passes the GET id parameter directly into an exec("php jobs/speech_audio_mac.php … "+id) without sanitization, enabling an attacker to append shell metacharacters and run arbitrary commands ...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
CVE
CVE
added last week10 views

CVE-2026-34111

CVE-2026-34111 : Guardian Language-System vulnerability where speechmac_text.php passes $_GET['id'] directly into an exec() call, enabling unauthenticated remote command execution via shell metacharacters. Affects the Guardian Language-System component (speech_text path) and is scored CRITICAL (C...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
CVE
CVE
added last week10 views

CVE-2026-34110

The CVE describes an unauthenticated OS command injection in Guardian language-system: complex_start.php passes the id GET parameter directly into exec("php jobs/complex.php ..."), unsafely incorporating $_GET['id'] without sanitization. This allows an unauthenticated attacker to append shell met...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
CVE
CVE
added last week10 views

CVE-2026-34109

The CVE concerns Guardian Language-System. The id GET parameter is passed directly into a PHP exec() call in speech.php (line 18) without sanitization, enabling unauthenticated remote command execution via shell metacharacters appended to the id parameter. This affects the server-side execution o...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
CVE
CVE
added last week13 views

CVE-2026-34108

The CVE-2026-34108 entry concerns Guardian Language-System. It describes an unauthenticated OS command injection in text.php where the id GET parameter is passed directly into exec("php jobs/text.php … ".$login_session." ".$_GET['id'].") without sanitization. This allows an unauthenticated remote...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
CVE
CVE
added last week26 views

CVE-2026-56148

CVE-2026-56148 — Elasticsearch Uncontrolled Recursion (DoS) Affected software: Elasticsearch (8.x and 9.x lines). What is vulnerable: Uncontrolled recursion in query processing that can cause excessive resource consumption, leading to denial of service on a node. Exposed to authenticated users wi...

6.5CVSS5.8AI score0.00309EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder