370115 matches found
CVE-2026-34111
CVE-2026-34111 : Guardian Language-System vulnerability where speechmac_text.php passes $_GET['id'] directly into an exec() call, enabling unauthenticated remote command execution via shell metacharacters. Affects the Guardian Language-System component (speech_text path) and is scored CRITICAL (C...
CVE-2026-34110
The CVE describes an unauthenticated OS command injection in Guardian language-system: complex_start.php passes the id GET parameter directly into exec("php jobs/complex.php ..."), unsafely incorporating $_GET['id'] without sanitization. This allows an unauthenticated attacker to append shell met...
CVE-2026-34109
The CVE concerns Guardian Language-System. The id GET parameter is passed directly into a PHP exec() call in speech.php (line 18) without sanitization, enabling unauthenticated remote command execution via shell metacharacters appended to the id parameter. This affects the server-side execution o...
CVE-2026-34108
The CVE-2026-34108 entry concerns Guardian Language-System. It describes an unauthenticated OS command injection in text.php where the id GET parameter is passed directly into exec("php jobs/text.php … ".$login_session." ".$_GET['id'].") without sanitization. This allows an unauthenticated remote...
CVE-2026-56148
CVE-2026-56148 — Elasticsearch Uncontrolled Recursion (DoS) Affected software: Elasticsearch (8.x and 9.x lines). What is vulnerable: Uncontrolled recursion in query processing that can cause excessive resource consumption, leading to denial of service on a node. Exposed to authenticated users wi...
CVE-2026-34107
CVE-2026-34107 affects Guardian Language-System. The vulnerability is an unauthenticated OS command injection via the id parameter in translate.php, where the id GET parameter is passed directly into an exec() call without sanitization. An unauthenticated remote attacker can append shell metachar...
CVE-2026-34106
Guardian Language-System is affected by an unauthenticated OS command injection in subtitles.php. The id GET parameter is directly concatenated into a PHP exec() call without sanitization, enabling remote attackers to inject shell metacharacters and execute arbitrary commands on the server. The v...
CVE-2026-34105
CVE-2026-34105 — Guardian Language-System : The vulnerability is in translate_text.php where the id GET parameter is directly interpolated into an unsanitized SQL query: SELECT id, filename, extension, type FROM files where id = '".$_GET['id']."'. This enables an error-based SQL injection, allowi...
CVE-2026-34104
The CVE-2026-34104 entry describes an unauthenticated SQL injection in Guardian Language-System via the name parameter in designer.php. The flaw arises because the GET parameter name is directly inserted into an unsanitized SQL query (SELECT * FROM complex WHERE name='".$_GET['name']."'), allowin...
CVE-2026-34103
CVE-2026-34103 affects Guardian Language-System. The vulnerability arises from passing the unvalidated GET parameter 'id' directly into an unsanitized SQL query in subtitles.php, enabling error-based SQL injection that can disclose database contents. The query shown is: SELECT id, filename, exten...
CVE-2026-34102
Guardian Language-System contains an unauthenticated SQL injection vulnerability in job_info_get.php via the id GET parameter. The query directly interpolates $_GET['id'] into a SELECT * FROM jobs where input1 = '".$_GET['id']."', enabling error-based SQL injection. The issue’s impact is high: po...
CVE-2026-34101
Guardian Language-System is affected by an unauthenticated-looking but described as requiring authentication in the text: it passes the id GET parameter directly into an unsanitized SQL query in text_file.php (line 17), enabling error-based SQL injection to extract database contents. The vulnerab...
CVE-2026-34100
Vulnerability: CVE-2026-34100 in Guardian Language-System. The media.php script builds an SQL query by concatenating the GET parameter id directly into a query: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$_GET['id']."'. This represents an unsanitized i...
CVE-2026-34099
The Guardian Language-System is vulnerable to unauthenticated SQL injection through the id parameter in job_info.php. The code directly injects $_GET['id'] into an unsanitized query (SELECT * FROM jobs where id = '...'), enabling error-based SQL injection without authentication. Reported impacts ...
CVE-2026-27409
CVE-2026-27409 : Missing Authorization in Webba Booking for WordPress (plugin)
CVE-2026-34098
CVE-2026-34098: Guardian Language-System contains an XSS in media.php via unsanitized id parameter (GET). The id value is inserted into HTML source and form actions (lines 119, 129), enabling script injection in a victim’s browser session. Affected: Guardian Language-System; vulnerability manifes...
CVE-2026-34097
CVE-2026-34097 concerns Guardian Language-System. The vulnerability arises because text_file.php fails to sanitize the GET parameter id before it is inserted into multiple HTML form action attributes (lines 94, 101, 323, 403, 826, 852). This allows an authenticated attacker to craft a URL that in...
CVE-2026-34096
Guardian Language-System XSS via name Parameter in designer.php. Root cause: failure to sanitize the name GET parameter before output into an HTML input value attribute (designer.php: line 57). Impact: authenticated attacker can craft a URL with script tags that execute in the victim’s browser se...
CVE-2026-13211
CVE-2026-13211 affects the Genucenter web interface prior to version 8.0p11, where SNMP authentication and encryption keys are exposed in HTTP responses to users with Service or Admin roles. This disclosure creates a confidentiality risk (SNMP credentials exposed); the documentation does not spec...
CVE-2026-58454
Affected product : JAIOTlink C492A-W6 Wi‑Fi IP cameras running firmware 4.8.30.57701411. Vulnerability : remote code execution via the authenticated /Anyka/config HTTP endpoint. Root cause / vector : attackers with authentication can write to writable persistent JFFS2 storage, stage a malicious s...