Total CVEs

144,269

Critical Severity

4,162

High Severity

14,979

Last 7 Days

1,670
Quick preset (or use dates below)
Clear Filters
Showing 2,821 - 2,840 of 144,269 CVEs
CVE-2026-34101 CRITICAL - 9.8

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in text_file.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-...

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-34100 CRITICAL - 9.8

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in media.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-base...

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-34099 CRITICAL - 9.8

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info.php (line 16): SELECT * FROM jobs where id = '\".$_GET['id'].\"'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to ...

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-34098 MEDIUM - 4.6

Guardian language-system fails to sanitize the id GET parameter before inserting it into HTML source and form action attributes in media.php (lines 119, 129). An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session.

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-34097 MEDIUM - 4.6

Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in text_file.php (lines 94, 101, 323, 403, 826, 852). An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session.

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-34096 MEDIUM - 4.6

Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php (line 57). An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session.

Vendor: guardian
Product: language-system
Published: Jul 01, 2026
Source: NVD
CVE-2026-27409 MEDIUM - 5.3

Missing Authorization vulnerability in Webba Plugins Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 6.4.13.

Vendor: Webba Plugins
Product: Webba Booking
Published: Jul 01, 2026
Source: NVD
CVE-2026-20244 HIGH - 7.5

A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in DMG fi...

Vendor: Cisco
Product: Cisco Secure Endpoint
Published: Jul 01, 2026
Source: NVD
CVE-2026-20243 HIGH - 7.5

A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in ALZ fi...

Vendor: Cisco
Product: Cisco Secure Endpoint
Published: Jul 01, 2026
Source: NVD
CVE-2026-20217 HIGH - 7.5

A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in PES...

Vendor: Cisco
Product: Cisco Secure Endpoint
Published: Jul 01, 2026
Source: NVD
CVE-2026-20216 HIGH - 7.5

A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerabilit...

Vendor: Cisco
Product: Cisco Secure Endpoint
Published: Jul 01, 2026
Source: NVD
CVE-2026-20215 HIGH - 7.5

A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in 7z file...

Vendor: Cisco
Product: Cisco Secure Endpoint
Published: Jul 01, 2026
Source: NVD
CVE-2026-20214 HIGH - 7.5

A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in FSG fi...

Vendor: Cisco
Product: Cisco Secure Endpoint
Published: Jul 01, 2026
Source: NVD
CVE-2026-20213 HIGH - 7.5

A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in PE file...

Vendor: Cisco
Product: Cisco Secure Endpoint
Published: Jul 01, 2026
Source: NVD
CVE-2026-20191 HIGH - 7.5

A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container.  This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HT...

Vendor: Cisco
Product: Cisco Catalyst Center
Published: Jul 01, 2026
Source: NVD
CVE-2026-13211 MEDIUM - 4.3

The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role.

Vendor: genua
Product: genucenter
Published: Jul 01, 2026
Source: NVD
CVE-2026-12480 MEDIUM - 5.5

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the `H5IOStore._verify_dataset()` and `file_editor.py` methods, which fail to check the `dataset.is_virtual` property of HDF5 datasets. Thi...

Vendor: keras-team
Product: keras-team/keras
Published: Jul 01, 2026
Source: NVD

A vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files scripts/EasyTimeline.Pl, includes/Timeline.Php. This issue affects timeline: from * before 1.46.0, 1.45.4, 1.44.6, 1.43.9.

Published: Jul 01, 2026
Source: NVD
CVE-2026-8480 MEDIUM - 4.3

A vulnerability was discovered on Stormshield Network Security 4.3.0  to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included) A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certific...

Published: Jul 01, 2026
Source: NVD
CVE-2026-58127 CRITICAL - 9.8

PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET WebCl...

Vendor: Hyland
Product: PACSgear MediaWriter
Published: Jul 01, 2026
Source: NVD