Lucene search
K

115 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-57276

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS0.00286EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-57276

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.9AI score0.00286EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-41237

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.9AI score0.00286EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-57274

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.9AI score0.00286EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-41236

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.9AI score0.00286EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/15 7:10 p.m.7 views

CVE-2026-53704

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...

7.1CVSS4.8AI score0.00186EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 10:17 p.m.5 views

DEBIAN-CVE-2026-48110

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH peer could se...

7.5CVSS5.5AI score0.00268EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/09 7:21 p.m.5 views

CVE-2026-11824

SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value smaller than 4...

8.5CVSS6.2AI score0.00175EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.17 views

PT-2026-44548

A High severity Server-Side Template Injection SSTI vulnerability exists in the trestle author jinja command. The command recursively evaluates rendered templates, allowing an attacker to achieve arbitrary command execution with privileges of the running process by injecting malicious payloads in...

7.8CVSS6.2AI score0.00022EPSS
Exploits0References5
NVD
NVD
added 2026/05/27 3:16 p.m.17 views

CVE-2026-44972

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...

5CVSS0.00113EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 5:16 p.m.17 views

CVE-2026-48864

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within .solv files due to insufficient input validation. An attacker can provide a specially crafted .solv file, which, when processed by a vulnerable application, can lea...

7.8CVSS0.00205EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:16 p.m.8 views

CVE-2026-48864

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within .solv files due to insufficient input validation. An attacker can provide a specially crafted .solv file, which, when processed by a vulnerable application, can lea...

7.8CVSS5.9AI score0.00205EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/26 4:16 p.m.13 views

EUVD-2026-31859

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within .solv files due to insufficient input validation. An attacker can provide a specially crafted .solv file, which, when processed by a vulnerable application, can lea...

7.8CVSS5.9AI score0.00205EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.13 views

PT-2026-43313

Name of the Vulnerable Software and Affected Versions libsolv affected versions not specified Description A heap buffer overflow occurs during the decompression of attacker-controlled compressed data within .solv files due to insufficient input validation. An attacker can provide a specially...

7.8CVSS6AI score0.00205EPSS
Exploits1References20
Vulnrichment
Vulnrichment
added 2026/05/21 3:51 p.m.10 views

CVE-2026-48207 Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

5.8AI score0.00574EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 3:51 p.m.40 views

CVE-2026-48207 Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

0.00574EPSS
Exploits0References1
NVD
NVD
added 2026/05/19 8:16 p.m.23 views

CVE-2026-32740

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...

8.8CVSS0.00514EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2026/05/19 7:57 p.m.9 views

CVE-2026-32741

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decodemaskimage. When decoding a HEIF file containing a mask image mski, the function copies the full iloc extent data into a pixel buffer using memcpydst,...

7.1CVSS5.9AI score0.00343EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/05/19 7:22 p.m.9 views

CVE-2026-32740

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...

8.8CVSS5.8AI score0.00514EPSS
Exploits1
NVD
NVD
added 2026/05/11 6:16 p.m.18 views

CVE-2026-43894

jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INTMAX-1 2147483646 digits, the D2U macro overflows during signed-int arithmetic. The wrapped negative value bypasses the heap-allocation size check, causes the function to use a 30-by...

6.2CVSS0.00158EPSS
Exploits1References1
Rows per page
Query Builder