Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted query that causes excessiv…
Guardian language-system passes the id GET parameter directly into a PHP exec() call in translate.php (line 14) without sanitization: exec(\"php jobs/translate.php \".$login_session.\" \".$_GET['id']…
Guardian language-system passes the id GET parameter directly into a PHP exec() call in subtitles.php (line 19) without sanitization: exec(\"php jobs/subtitle_rendering.php \".$login_session.\" \".$_…
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in translate_text.php (line 15): SELECT id, filename, extension, type FROM files where id = '\".$_GET['id']…
Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php (line 124): SELECT * FROM complex WHERE name='\".$_GET['name'].\"'. An authenticated atta…
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php (line 16): SELECT id, filename, extension, type FROM files where id = '\".$_GET['id'].\"'.…
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info_get.php (line 16): SELECT * FROM jobs where input1 = '\".$_GET['id'].\"'. An authenticated atta…
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in text_file.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where…
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in media.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where id …
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info.php (line 16): SELECT * FROM jobs where id = '\".$_GET['id'].\"'. No authentication is required…
Missing Authorization vulnerability in Webba Plugins Webba Booking allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Webba Booking: from n/a through 6.4.13.
Guardian language-system fails to sanitize the id GET parameter before inserting it into HTML source and form action attributes in media.php (lines 119, 129). An authenticated attacker can craft a UR…
Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in text_file.php (lines 94, 101, 323, 403, 826, 852). An authenticated at…
Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php (line 57). An authenticated attacker can craft a URL containi…
The genucenter web interface before version 8.0p11 unnecessarily exposes sensitive SNMP authentication and encryption keys in its HTTP responses to users with the “Service” or “Admin” role.
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to…
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows network-adjacent attackers to gain unauthorized access by using the def…
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability that allows authenticated attackers to achieve remote code execution by supplying a …
Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision…
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiChangeAuthenticationData.Php, includes/Api/ApiLinkAccount.Php, includes/Api/ApiR…