Total CVEs

144,090

Critical Severity

4,134

High Severity

14,909

Last 7 Days

1,572
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 2,641 - 2,660 of 40,495 CVEs
CVE-2026-34102 CRITICAL - 9.8

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info_get.php (line 16): SELECT * FROM jobs where input1 = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents...

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-34101 CRITICAL - 9.8

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in text_file.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-...

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-34100 CRITICAL - 9.8

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in media.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-base...

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-34099 CRITICAL - 9.8

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info.php (line 16): SELECT * FROM jobs where id = '\".$_GET['id'].\"'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to ...

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-34098 MEDIUM - 4.6

Guardian language-system fails to sanitize the id GET parameter before inserting it into HTML source and form action attributes in media.php (lines 119, 129). An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session.

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-34097 MEDIUM - 4.6

Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in text_file.php (lines 94, 101, 323, 403, 826, 852). An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session.

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-34096 MEDIUM - 4.6

Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php (line 57). An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session.

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-27409 MEDIUM - 5.3

Missing Authorization vulnerability in Webba Plugins Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 6.4.13.

Vendor: Webba Plugins
Product: Webba Booking
Published: Jul 01, 2026
Source: NVD
CVE-2026-20244 HIGH - 7.5

A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in DMG fi...

Vendor: Cisco
Product: Cisco Secure Endpoint
Published: Jul 01, 2026
Source: NVD
CVE-2026-20243 HIGH - 7.5

A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in ALZ fi...

Vendor: Cisco
Product: Cisco Secure Endpoint
Published: Jul 01, 2026
Source: NVD
CVE-2026-20217 HIGH - 7.5

A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in PES...

Vendor: Cisco
Product: Cisco Secure Endpoint
Published: Jul 01, 2026
Source: NVD
CVE-2026-20216 HIGH - 7.5

A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerabilit...

Vendor: Cisco
Product: Cisco Secure Endpoint
Published: Jul 01, 2026
Source: NVD
CVE-2026-20215 HIGH - 7.5

A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in 7z file...

Vendor: Cisco
Product: Cisco Secure Endpoint
Published: Jul 01, 2026
Source: NVD
CVE-2026-20214 HIGH - 7.5

A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in FSG fi...

Vendor: Cisco
Product: Cisco Secure Endpoint
Published: Jul 01, 2026
Source: NVD
CVE-2026-20213 HIGH - 7.5

A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in PE file...

Vendor: Cisco
Product: Cisco Secure Endpoint
Published: Jul 01, 2026
Source: NVD
CVE-2026-20191 HIGH - 7.5

A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container.  This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HT...

Vendor: Cisco
Product: Cisco Catalyst Center
Published: Jul 01, 2026
Source: NVD
CVE-2026-13211 MEDIUM - 4.3

The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role.

Vendor: genua
Product: genucenter
Published: Jul 01, 2026
Source: NVD
CVE-2026-12480 MEDIUM - 5.5

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the `H5IOStore._verify_dataset()` and `file_editor.py` methods, which fail to check the `dataset.is_virtual` property of HDF5 datasets. Thi...

Vendor: keras-team
Product: keras-team/keras
Published: Jul 01, 2026
Source: NVD

A vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files scripts/EasyTimeline.Pl, includes/Timeline.Php. This issue affects timeline: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.

Published: Jul 01, 2026
Source: NVD
CVE-2026-8480 MEDIUM - 4.3

A vulnerability was discovered on Stormshield Network Security 4.3.0  to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included) A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certific...

Published: Jul 01, 2026
Source: NVD