Lucene search
K

369434 matches found

CVE
CVE
added 2026/07/01 4:23 p.m.14 views

CVE-2026-34116

The CVE-2026-34116 entry concerns the Guardian language-system. The flaw occurs in transcribe.php where the GET parameter id is concatenated into a PHP exec() call without sanitization, enabling an unauthenticated remote attacker to inject shell commands. Affected component: Guardian language-sys...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:22 p.m.10 views

CVE-2026-34115

Guardian Language-System is affected by CVE-2026-34115 where the GET param id is directly appended into a PHP exec() call in transcribe_amazon.php (line 15) without sanitization, enabling an unauthenticated remote attacker to inject shell metacharacters and execute arbitrary OS commands on the se...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:21 p.m.12 views

CVE-2026-34114

Guardian language-system is affected by an unauthenticated OS command injection in translate_text.php. The code passes the id GET parameter directly into a PHP exec() call without sanitization, allowing an attacker to append shell metacharacters and execute arbitrary commands on the server. No au...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:21 p.m.62 views

CVE-2026-56149

CVE-2026-56149 affects Elasticsearch and stems from Allocation of Resources Without Limits or Throttling (CWE-770), enabling a denial of service via Excessive memory allocation when a user with privileges to manage trained models submits a crafted machine learning request. Affected versions inclu...

4.9CVSS5.8AI score0.00324EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 4:21 p.m.10 views

CVE-2026-34113

CVE-2026-34113 : Guardian language-system is vulnerable to unauthenticated OS command injection via the id GET parameter in speech_text.php. The code passes the parameter directly into an exec() call: exec("php jobs/speech_audio_text.php "+login_session+" "+$_GET['id']+" ..."), allowing an attack...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:20 p.m.16 views

CVE-2026-34112

Guardian Language-System is vulnerable to unauthenticated OS command injection via speechmac.php. The code passes the GET id parameter directly into an exec("php jobs/speech_audio_mac.php … "+id) without sanitization, enabling an attacker to append shell metacharacters and run arbitrary commands ...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:20 p.m.11 views

CVE-2026-34111

CVE-2026-34111 : Guardian Language-System vulnerability where speechmac_text.php passes $_GET['id'] directly into an exec() call, enabling unauthenticated remote command execution via shell metacharacters. Affects the Guardian Language-System component (speech_text path) and is scored CRITICAL (C...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:19 p.m.11 views

CVE-2026-34110

The CVE describes an unauthenticated OS command injection in Guardian language-system: complex_start.php passes the id GET parameter directly into exec("php jobs/complex.php ..."), unsafely incorporating $_GET['id'] without sanitization. This allows an unauthenticated attacker to append shell met...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:18 p.m.11 views

CVE-2026-34109

The CVE concerns Guardian Language-System. The id GET parameter is passed directly into a PHP exec() call in speech.php (line 18) without sanitization, enabling unauthenticated remote command execution via shell metacharacters appended to the id parameter. This affects the server-side execution o...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:17 p.m.15 views

CVE-2026-34108

The CVE-2026-34108 entry concerns Guardian Language-System. It describes an unauthenticated OS command injection in text.php where the id GET parameter is passed directly into exec("php jobs/text.php … ".$login_session." ".$_GET['id'].") without sanitization. This allows an unauthenticated remote...

9.8CVSS6.1AI score0.00549EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:17 p.m.31 views

CVE-2026-56148

CVE-2026-56148 — Elasticsearch Uncontrolled Recursion (DoS) Affected software: Elasticsearch (8.x and 9.x lines). What is vulnerable: Uncontrolled recursion in query processing that can cause excessive resource consumption, leading to denial of service on a node. Exposed to authenticated users wi...

6.5CVSS5.8AI score0.00309EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 4:16 p.m.16 views

CVE-2026-34107

CVE-2026-34107 affects Guardian Language-System. The vulnerability is an unauthenticated OS command injection via the id parameter in translate.php, where the id GET parameter is passed directly into an exec() call without sanitization. An unauthenticated remote attacker can append shell metachar...

9.8CVSS6.1AI score0.0068EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:16 p.m.11 views

CVE-2026-34106

Guardian Language-System is affected by an unauthenticated OS command injection in subtitles.php. The id GET parameter is directly concatenated into a PHP exec() call without sanitization, enabling remote attackers to inject shell metacharacters and execute arbitrary commands on the server. The v...

9.8CVSS6.1AI score0.0068EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:15 p.m.11 views

CVE-2026-34105

CVE-2026-34105 — Guardian Language-System : The vulnerability is in translate_text.php where the id GET parameter is directly interpolated into an unsanitized SQL query: SELECT id, filename, extension, type FROM files where id = '".$_GET['id']."'. This enables an error-based SQL injection, allowi...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:13 p.m.12 views

CVE-2026-34104

The CVE-2026-34104 entry describes an unauthenticated SQL injection in Guardian Language-System via the name parameter in designer.php. The flaw arises because the GET parameter name is directly inserted into an unsanitized SQL query (SELECT * FROM complex WHERE name='".$_GET['name']."'), allowin...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:12 p.m.8 views

CVE-2026-34103

CVE-2026-34103 affects Guardian Language-System. The vulnerability arises from passing the unvalidated GET parameter 'id' directly into an unsanitized SQL query in subtitles.php, enabling error-based SQL injection that can disclose database contents. The query shown is: SELECT id, filename, exten...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:11 p.m.9 views

CVE-2026-34102

Guardian Language-System contains an unauthenticated SQL injection vulnerability in job_info_get.php via the id GET parameter. The query directly interpolates $_GET['id'] into a SELECT * FROM jobs where input1 = '".$_GET['id']."', enabling error-based SQL injection. The issue’s impact is high: po...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:11 p.m.12 views

CVE-2026-34101

Guardian Language-System is affected by an unauthenticated-looking but described as requiring authentication in the text: it passes the id GET parameter directly into an unsanitized SQL query in text_file.php (line 17), enabling error-based SQL injection to extract database contents. The vulnerab...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:10 p.m.11 views

CVE-2026-34100

Vulnerability: CVE-2026-34100 in Guardian Language-System. The media.php script builds an SQL query by concatenating the GET parameter id directly into a query: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$_GET['id']."'. This represents an unsanitized i...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:8 p.m.12 views

CVE-2026-34099

The Guardian Language-System is vulnerable to unauthenticated SQL injection through the id parameter in job_info.php. The code directly injects $_GET['id'] into an unsanitized query (SELECT * FROM jobs where id = '...'), enabling error-based SQL injection without authentication. Reported impacts ...

9.8CVSS5.8AI score0.00459EPSS
Exploits0References2
Rows per page
Query Builder