CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-34114
Critical

A vulnerability in the Guardian language system allows an unauthenticated remote attacker to execute arbitrary OS commands by injecting shell metacharacters into the 'id' parameter in translate_text.php. The lack of input validation and direct use of the parameter in an exec() call enables exploitation without authentication.

CVE-2026-34113
Critical

A vulnerability in the Guardian language-system allows an unauthenticated remote attacker to execute arbitrary OS commands by injecting shell metacharacters into the 'id' parameter in speech_text.php.

CVE-2026-34112
Critical

A vulnerability in the Guardian language-system allows an unauthenticated remote attacker to execute arbitrary OS commands by injecting shell metacharacters into the 'id' parameter in speechmac.php.

CVE-2026-34111
Critical

A vulnerability in the Guardian language-system allows an unauthenticated attacker to execute arbitrary OS commands remotely by injecting shell metacharacters into the id parameter, which is passed unsanitized to the PHP exec() function in speechmac_text.php.

CVE-2026-34110
Critical

A vulnerability in the Guardian language-system allows an unauthenticated remote attacker to execute arbitrary OS commands by injecting shell metacharacters into the 'id' parameter, which is passed unsanitized to the PHP exec() function in complex_start.php.

CVE-2026-34109
Critical

The vulnerability in the Guardian language system involves passing the 'id' GET parameter directly into a PHP exec() call in speech.php without sanitization. An unauthenticated attacker can append shell metacharacters to execute arbitrary OS commands on the server.

CVE-2026-34108
Critical

A vulnerability in the Guardian language-system allows an unauthenticated remote attacker to execute arbitrary OS commands by injecting shell metacharacters into the id parameter passed to the exec() function in text.php.

CVE-2026-34107
Critical

The vulnerability in the Guardian language-system passes the id GET parameter directly into a PHP exec() call in translate.php (line 14) without sanitization. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.

CVE-2026-34106
Critical

The vulnerability in the Guardian language-system directly passes the id GET parameter into a PHP exec() call in subtitles.php without sanitization. An unauthenticated remote attacker can append shell metacharacters to the id parameter to execute arbitrary OS commands on the server.

CVE-2026-34105
Critical

An SQL injection vulnerability in the Guardian language-system component allows an authenticated attacker to inject malicious SQL code via the 'id' parameter in translate_text.php. Lack of input sanitization enables error-based SQL injection to extract database contents.

CVE-2026-34104
Critical

An SQL injection vulnerability in Guardian language-system allows an authenticated attacker to inject malicious SQL code via the 'name' GET parameter in designer.php. Unsanitized input enables arbitrary SQL queries and extraction of database contents.

CVE-2026-34103
Critical

An SQL injection vulnerability in the Guardian language-system allows an authenticated attacker to inject malicious SQL code via the 'id' parameter in subtitles.php. The lack of input sanitization enables error-based SQL injection to extract database contents.

CVE-2026-34102
Critical

SQL Injection vulnerability in Guardian language-system exists in job_info_get.php where the GET parameter 'id' is directly inserted into an SQL query without sanitization. An authenticated attacker can exploit error-based SQL injection to extract database contents.

CVE-2026-34101
Critical

SQL Injection vulnerability in Guardian language-system allows an authenticated attacker to inject SQL code via the id parameter in text_file.php. Unsanitized input enables extraction of database contents.

CVE-2026-34100
Critical

An SQL injection vulnerability in the Guardian language-system allows an authenticated attacker to inject malicious SQL code via the id parameter in media.php. Lack of input sanitization enables error-based extraction of database contents.

CVE-2026-34099
Critical

SQL Injection vulnerability in Guardian language-system allows an unauthenticated attacker to inject SQL code via the 'id' parameter in job_info.php. Lack of input sanitization enables reading sensitive database information.

CVE-2026-34098
Medium

The vulnerability in the Guardian language-system fails to sanitize the 'id' GET parameter before inserting it into HTML source and form action attributes in media.php (lines 119, 129). An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session.

CVE-2026-34097
Medium

The vulnerability in the Guardian language-system is due to the failure to sanitize the 'id' GET parameter before inserting it into HTML form action attributes in text_file.php. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session.

CVE-2026-34096
Medium

The XSS vulnerability in the Guardian language-system fails to sanitize the 'name' GET parameter before outputting it into an HTML input value attribute in designer.php (line 57). An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session.

CVE-2026-27409
Medium

The Webba Booking WordPress plugin contains a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels. This issue affects versions from n/a through 6.4.13.

PreviousPage 21 of 4475Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS