CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-58453
CriticalEPSS 74%

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain hard-coded credentials that allow network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anyka_ipc HTTP service on port 80. Attackers can authenticate with these credentials to access camera snapshots, video streams, network configuration, and factory-level API endpoints including the SetMAC command injection surface.

CVE-2026-34117
Critical

The vulnerability in the Guardian language-system passes the 'id' GET parameter directly into a PHP exec() call in text_to_subtitles.php (line 19) without sanitization. No authentication is required, allowing an unauthenticated remote attacker to append shell metacharacters and execute arbitrary OS commands on the server.

CVE-2026-34116
Critical

The vulnerability in the Guardian language system passes the 'id' GET parameter directly into a PHP exec() call in transcribe.php without sanitization. An unauthenticated attacker can append shell metacharacters to execute arbitrary OS commands on the server.

CVE-2026-34115
Critical

A vulnerability in the Guardian language-system allows an unauthenticated remote attacker to execute arbitrary OS commands by injecting shell metacharacters into the 'id' parameter passed to the PHP exec() function in transcribe_amazon.php.

CVE-2026-34114
Critical

A vulnerability in the Guardian language system allows an unauthenticated remote attacker to execute arbitrary OS commands by injecting shell metacharacters into the 'id' parameter in translate_text.php. The lack of input validation and direct use of the parameter in an exec() call enables exploitation without authentication.

CVE-2026-34113
Critical

A vulnerability in the Guardian language-system allows an unauthenticated remote attacker to execute arbitrary OS commands by injecting shell metacharacters into the 'id' parameter in speech_text.php.

CVE-2026-34112
Critical

A vulnerability in the Guardian language-system allows an unauthenticated remote attacker to execute arbitrary OS commands by injecting shell metacharacters into the 'id' parameter in speechmac.php.

CVE-2026-34111
Critical

A vulnerability in the Guardian language-system allows an unauthenticated attacker to execute arbitrary OS commands remotely by injecting shell metacharacters into the id parameter, which is passed unsanitized to the PHP exec() function in speechmac_text.php.

CVE-2026-34110
Critical

A vulnerability in the Guardian language-system allows an unauthenticated remote attacker to execute arbitrary OS commands by injecting shell metacharacters into the 'id' parameter, which is passed unsanitized to the PHP exec() function in complex_start.php.

CVE-2026-34109
Critical

The vulnerability in the Guardian language system involves passing the 'id' GET parameter directly into a PHP exec() call in speech.php without sanitization. An unauthenticated attacker can append shell metacharacters to execute arbitrary OS commands on the server.

CVE-2026-34108
Critical

A vulnerability in the Guardian language-system allows an unauthenticated remote attacker to execute arbitrary OS commands by injecting shell metacharacters into the id parameter passed to the exec() function in text.php.

CVE-2026-34107
Critical

The vulnerability in the Guardian language-system passes the id GET parameter directly into a PHP exec() call in translate.php (line 14) without sanitization. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.

CVE-2026-34106
Critical

The vulnerability in the Guardian language-system directly passes the id GET parameter into a PHP exec() call in subtitles.php without sanitization. An unauthenticated remote attacker can append shell metacharacters to the id parameter to execute arbitrary OS commands on the server.

CVE-2026-34105
Critical

An SQL injection vulnerability in the Guardian language-system component allows an authenticated attacker to inject malicious SQL code via the 'id' parameter in translate_text.php. Lack of input sanitization enables error-based SQL injection to extract database contents.

CVE-2026-34104
Critical

An SQL injection vulnerability in Guardian language-system allows an authenticated attacker to inject malicious SQL code via the 'name' GET parameter in designer.php. Unsanitized input enables arbitrary SQL queries and extraction of database contents.

CVE-2026-34103
Critical

An SQL injection vulnerability in the Guardian language-system allows an authenticated attacker to inject malicious SQL code via the 'id' parameter in subtitles.php. The lack of input sanitization enables error-based SQL injection to extract database contents.

CVE-2026-34102
Critical

SQL Injection vulnerability in Guardian language-system exists in job_info_get.php where the GET parameter 'id' is directly inserted into an SQL query without sanitization. An authenticated attacker can exploit error-based SQL injection to extract database contents.

CVE-2026-34101
Critical

SQL Injection vulnerability in Guardian language-system allows an authenticated attacker to inject SQL code via the id parameter in text_file.php. Unsanitized input enables extraction of database contents.

CVE-2026-34100
Critical

An SQL injection vulnerability in the Guardian language-system allows an authenticated attacker to inject malicious SQL code via the id parameter in media.php. Lack of input sanitization enables error-based extraction of database contents.

CVE-2026-34099
Critical

SQL Injection vulnerability in Guardian language-system allows an unauthenticated attacker to inject SQL code via the 'id' parameter in job_info.php. Lack of input sanitization enables reading sensitive database information.

PreviousPage 4 of 543Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS