Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,523
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 2,341 - 2,360 of 40,198 CVEs
CVE-2026-34105 CRITICAL - 9.8

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in translate_text.php (line 15): SELECT id, filename, extension, type FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection t...

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-34104 CRITICAL - 9.8

Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php (line 124): SELECT * FROM complex WHERE name='\".$_GET['name'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents...

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-34103 CRITICAL - 9.8

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php (line 16): SELECT id, filename, extension, type FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to ext...

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-34102 CRITICAL - 9.8

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info_get.php (line 16): SELECT * FROM jobs where input1 = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents...

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-34101 CRITICAL - 9.8

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in text_file.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-...

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-34100 CRITICAL - 9.8

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in media.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-base...

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-34099 CRITICAL - 9.8

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info.php (line 16): SELECT * FROM jobs where id = '\".$_GET['id'].\"'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to ...

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-34098 MEDIUM - 4.6

Guardian language-system fails to sanitize the id GET parameter before inserting it into HTML source and form action attributes in media.php (lines 119, 129). An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session.

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-34097 MEDIUM - 4.6

Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in text_file.php (lines 94, 101, 323, 403, 826, 852). An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session.

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-34096 MEDIUM - 4.6

Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php (line 57). An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session.

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-27409 MEDIUM - 5.3

Missing Authorization vulnerability in Webba Plugins Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 6.4.13.

Vendor: Webba Plugins
Product: Webba Booking
Published: Jul 01, 2026
Source: NVD
CVE-2026-20244 HIGH - 7.5

A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in DMG fi...

Vendor: Cisco
Product: Cisco Secure Endpoint
Published: Jul 01, 2026
Source: NVD
CVE-2026-20243 HIGH - 7.5

A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in ALZ fi...

Vendor: Cisco
Product: Cisco Secure Endpoint
Published: Jul 01, 2026
Source: NVD
CVE-2026-20217 HIGH - 7.5

A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in PES...

Vendor: Cisco
Product: Cisco Secure Endpoint
Published: Jul 01, 2026
Source: NVD
CVE-2026-20216 HIGH - 7.5

A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerabilit...

Vendor: Cisco
Product: Cisco Secure Endpoint
Published: Jul 01, 2026
Source: NVD
CVE-2026-20215 HIGH - 7.5

A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in 7z file...

Vendor: Cisco
Product: Cisco Secure Endpoint
Published: Jul 01, 2026
Source: NVD
CVE-2026-20214 HIGH - 7.5

A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in FSG fi...

Vendor: Cisco
Product: Cisco Secure Endpoint
Published: Jul 01, 2026
Source: NVD
CVE-2026-20213 HIGH - 7.5

A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in PE file...

Vendor: Cisco
Product: Cisco Secure Endpoint
Published: Jul 01, 2026
Source: NVD
CVE-2026-20191 HIGH - 7.5

A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container.  This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HT...

Vendor: Cisco
Product: Cisco Catalyst Center
Published: Jul 01, 2026
Source: NVD
CVE-2026-13211 MEDIUM - 4.3

The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the β€œService” or β€œAdmin” role.

Vendor: genua
Product: genucenter
Published: Jul 01, 2026
Source: NVD