Lucene search
K

370185 matches found

CVE
CVE
added 2026/07/01 4:11 p.m.10 views

CVE-2026-34102

Guardian Language-System contains an unauthenticated SQL injection vulnerability in job_info_get.php via the id GET parameter. The query directly interpolates $_GET['id'] into a SELECT * FROM jobs where input1 = '".$_GET['id']."', enabling error-based SQL injection. The issue’s impact is high: po...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:11 p.m.14 views

CVE-2026-34101

Guardian Language-System is affected by an unauthenticated-looking but described as requiring authentication in the text: it passes the id GET parameter directly into an unsanitized SQL query in text_file.php (line 17), enabling error-based SQL injection to extract database contents. The vulnerab...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:10 p.m.15 views

CVE-2026-34100

Vulnerability: CVE-2026-34100 in Guardian Language-System. The media.php script builds an SQL query by concatenating the GET parameter id directly into a query: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$_GET['id']."'. This represents an unsanitized i...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:8 p.m.14 views

CVE-2026-34099

The Guardian Language-System is vulnerable to unauthenticated SQL injection through the id parameter in job_info.php. The code directly injects $_GET['id'] into an unsanitized query (SELECT * FROM jobs where id = '...'), enabling error-based SQL injection without authentication. Reported impacts ...

9.8CVSS5.8AI score0.00459EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:7 p.m.13 views

CVE-2026-27409

CVE-2026-27409 : Missing Authorization in Webba Booking for WordPress (plugin)

5.3CVSS5.8AI score0.002EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 4:4 p.m.12 views

CVE-2026-34098

CVE-2026-34098: Guardian Language-System contains an XSS in media.php via unsanitized id parameter (GET). The id value is inserted into HTML source and form actions (lines 119, 129), enabling script injection in a victim’s browser session. Affected: Guardian Language-System; vulnerability manifes...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:2 p.m.14 views

CVE-2026-34097

CVE-2026-34097 concerns Guardian Language-System. The vulnerability arises because text_file.php fails to sanitize the GET parameter id before it is inserted into multiple HTML form action attributes (lines 94, 101, 323, 403, 826, 852). This allows an authenticated attacker to craft a URL that in...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 3:53 p.m.10 views

CVE-2026-34096

Guardian Language-System XSS via name Parameter in designer.php. Root cause: failure to sanitize the name GET parameter before output into an HTML input value attribute (designer.php: line 57). Impact: authenticated attacker can craft a URL with script tags that execute in the victim’s browser se...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 3:46 p.m.11 views

CVE-2026-13211

CVE-2026-13211 affects the Genucenter web interface prior to version 8.0p11, where SNMP authentication and encryption keys are exposed in HTTP responses to users with Service or Admin roles. This disclosure creates a confidentiality risk (SNMP credentials exposed); the documentation does not spec...

4.3CVSS5.8AI score0.00139EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 3:36 p.m.14 views

CVE-2026-58454

Affected product : JAIOTlink C492A-W6 Wi‑Fi IP cameras running firmware 4.8.30.57701411. Vulnerability : remote code execution via the authenticated /Anyka/config HTTP endpoint. Root cause / vector : attackers with authentication can write to writable persistent JFFS2 storage, stage a malicious s...

7.7CVSS6.6AI score0.00523EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 3:33 p.m.18 views

CVE-2026-58453

JAIOTlink C492A-W6 Wi‑Fi IP cameras (firmware 4.8.30.57701411) are affected by CVE-2026-58453 due to hard-coded credentials. An attacker on the network can authenticate to the anyka_ipc HTTP service (port 80) using the default admin username with an empty password, gaining unauthorized access to ...

9.8CVSS5.8AI score0.0169EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 3:31 p.m.17 views

CVE-2026-58452

The CVE covers JAIOTlink C492A-W6 Wi‑Fi IP cameras running firmware 4.8.30.57701411. Affected component is the NetSDK/Factory SetMAC HTTP PUT endpoint. The root cause is an OS command injection where a malicious Wireless parameter (starting with a MAC-like prefix, then a semicolon and a shell pay...

8.8CVSS6.4AI score0.02422EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 3:23 p.m.16 views

CVE-2026-58025

CVE-2026-58025 describes a deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki (affected components: includes/Import/WikiImporter.php, includes/Import/WikiRevision.php, includes/Logging/LogEntryBase.php) that affects MediaWiki releases prior to 1.46.0, including 1.45...

9.8CVSS5.8AI score0.00503EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 3:19 p.m.27 views

CVE-2026-58029

CVE-2026-58029 affects Wikimedia Foundation MediaWiki and enables a full account takeover via BotPasswords and OAuth through action=changeauthenticationdata. Affected versions are MediaWiki: before 1.46.0, 1.45.4, 1.44.6, 1.43.9. The issue involves the API and Special pages: ApiChangeAuthenticati...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 3:15 p.m.14 views

CVE-2026-58028

CVE-2026-58028 is an XSS vulnerability affecting Wikimedia Foundation MediaWiki and CentralAuth. The issue is tied to specific API and rendering components (ApiFormatBase.php, ApiHelp.php, ResourceLoader/Module.php, PageDisplayHookHandler.php, LogFormatter/PermissionChangeLogFormatter.php) and af...

5.4CVSS5.8AI score0.00226EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 3:12 p.m.15 views

CVE-2026-17747

Technical details for CVE-2026-17747 are not publicly available in the provided documents. This CVE entry appears reserved/placeholder. Monitor for updates from the responsible party.

Exploits0References2
CVE
CVE
added 2026/07/01 3:12 p.m.18 views

CVE-2026-35801

Technical details for CVE-2026-35801 are not publicly available in the provided documents; monitor for updates.

Exploits0References2
CVE
CVE
added 2026/07/01 3:12 p.m.16 views

CVE-2026-24270

CVE-2026-24270 affects NVIDIA AIStore framework. The issue, described as an authentication bypass, could allow an attacker to cause denial of service, escalate privileges, disclose information, and tamper with data. NVIDIA’s security bulletin lists affected versions as all platforms on versions 0...

9.8CVSS5.8AI score0.00842EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 3:11 p.m.52 views

CVE-2026-57517

Control Web Panel prior to version 0.9.8.1225 is affected by CVE-2026-57517, a blind SQL injection via the userRes POST parameter at the user endpoint. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL queries, potentially leveraging MySQL root privileges obtained...

9.8CVSS6.7AI score0.00587EPSS
Exploits2References4
CVE
CVE
added 2026/07/01 3:11 p.m.13 views

CVE-2026-24266

CVE-2026-24266 affects NVIDIA’s Triton Inference Server for Linux. The issue is a use-after-free vulnerability in the server (specific component not detailed in the provided documents) that can lead to a denial of service if exploited. NVIDIA’s security bulletin specifies affected versions are 0....

7.5CVSS5.8AI score0.00717EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder