370146 matches found
CVE-2026-34103
CVE-2026-34103 affects Guardian Language-System. The vulnerability arises from passing the unvalidated GET parameter 'id' directly into an unsanitized SQL query in subtitles.php, enabling error-based SQL injection that can disclose database contents. The query shown is: SELECT id, filename, exten...
CVE-2026-34102
Guardian Language-System contains an unauthenticated SQL injection vulnerability in job_info_get.php via the id GET parameter. The query directly interpolates $_GET['id'] into a SELECT * FROM jobs where input1 = '".$_GET['id']."', enabling error-based SQL injection. The issue’s impact is high: po...
CVE-2026-34101
Guardian Language-System is affected by an unauthenticated-looking but described as requiring authentication in the text: it passes the id GET parameter directly into an unsanitized SQL query in text_file.php (line 17), enabling error-based SQL injection to extract database contents. The vulnerab...
CVE-2026-34100
Vulnerability: CVE-2026-34100 in Guardian Language-System. The media.php script builds an SQL query by concatenating the GET parameter id directly into a query: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$_GET['id']."'. This represents an unsanitized i...
CVE-2026-34099
The Guardian Language-System is vulnerable to unauthenticated SQL injection through the id parameter in job_info.php. The code directly injects $_GET['id'] into an unsanitized query (SELECT * FROM jobs where id = '...'), enabling error-based SQL injection without authentication. Reported impacts ...
CVE-2026-27409
CVE-2026-27409 : Missing Authorization in Webba Booking for WordPress (plugin)
CVE-2026-34098
CVE-2026-34098: Guardian Language-System contains an XSS in media.php via unsanitized id parameter (GET). The id value is inserted into HTML source and form actions (lines 119, 129), enabling script injection in a victim’s browser session. Affected: Guardian Language-System; vulnerability manifes...
CVE-2026-34097
CVE-2026-34097 concerns Guardian Language-System. The vulnerability arises because text_file.php fails to sanitize the GET parameter id before it is inserted into multiple HTML form action attributes (lines 94, 101, 323, 403, 826, 852). This allows an authenticated attacker to craft a URL that in...
CVE-2026-34096
Guardian Language-System XSS via name Parameter in designer.php. Root cause: failure to sanitize the name GET parameter before output into an HTML input value attribute (designer.php: line 57). Impact: authenticated attacker can craft a URL with script tags that execute in the victim’s browser se...
CVE-2026-13211
CVE-2026-13211 affects the Genucenter web interface prior to version 8.0p11, where SNMP authentication and encryption keys are exposed in HTTP responses to users with Service or Admin roles. This disclosure creates a confidentiality risk (SNMP credentials exposed); the documentation does not spec...
CVE-2026-58454
Affected product : JAIOTlink C492A-W6 Wi‑Fi IP cameras running firmware 4.8.30.57701411. Vulnerability : remote code execution via the authenticated /Anyka/config HTTP endpoint. Root cause / vector : attackers with authentication can write to writable persistent JFFS2 storage, stage a malicious s...
CVE-2026-58453
JAIOTlink C492A-W6 Wi‑Fi IP cameras (firmware 4.8.30.57701411) are affected by CVE-2026-58453 due to hard-coded credentials. An attacker on the network can authenticate to the anyka_ipc HTTP service (port 80) using the default admin username with an empty password, gaining unauthorized access to ...
CVE-2026-58452
The CVE covers JAIOTlink C492A-W6 Wi‑Fi IP cameras running firmware 4.8.30.57701411. Affected component is the NetSDK/Factory SetMAC HTTP PUT endpoint. The root cause is an OS command injection where a malicious Wireless parameter (starting with a MAC-like prefix, then a semicolon and a shell pay...
CVE-2026-58025
CVE-2026-58025 describes a deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki (affected components: includes/Import/WikiImporter.php, includes/Import/WikiRevision.php, includes/Logging/LogEntryBase.php) that affects MediaWiki releases prior to 1.46.0, including 1.45...
CVE-2026-58029
CVE-2026-58029 affects Wikimedia Foundation MediaWiki and enables a full account takeover via BotPasswords and OAuth through action=changeauthenticationdata. Affected versions are MediaWiki: before 1.46.0, 1.45.4, 1.44.6, 1.43.9. The issue involves the API and Special pages: ApiChangeAuthenticati...
CVE-2026-58028
CVE-2026-58028 is an XSS vulnerability affecting Wikimedia Foundation MediaWiki and CentralAuth. The issue is tied to specific API and rendering components (ApiFormatBase.php, ApiHelp.php, ResourceLoader/Module.php, PageDisplayHookHandler.php, LogFormatter/PermissionChangeLogFormatter.php) and af...
CVE-2026-17747
Technical details for CVE-2026-17747 are not publicly available in the provided documents. This CVE entry appears reserved/placeholder. Monitor for updates from the responsible party.
CVE-2026-35801
Technical details for CVE-2026-35801 are not publicly available in the provided documents; monitor for updates.
CVE-2026-24270
CVE-2026-24270 affects NVIDIA AIStore framework. The issue, described as an authentication bypass, could allow an attacker to cause denial of service, escalate privileges, disclose information, and tamper with data. NVIDIA’s security bulletin lists affected versions as all platforms on versions 0...
CVE-2026-57517
Control Web Panel prior to version 0.9.8.1225 is affected by CVE-2026-57517, a blind SQL injection via the userRes POST parameter at the user endpoint. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL queries, potentially leveraging MySQL root privileges obtained...