CVE-2026-57631

Administrator SQL Injection in Popup box = 6.0.1 versions...

CVE-2026-57631

Administrator SQL Injection in Popup box = 6.0.1 versions...

WordPress Popup box plugin <= 6.0.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Doan Dinh Van in WordPress Plugin Popup box versions = 6.0.1...

Wordpress Multiple Themes - Reflected Cross-Site Scripting

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...

AVM FRITZ!Box 7530 AX - Unauthorized Access

An access control issue in the component /juisboxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication. id: CVE-2024-54767 info: name: AVM FRITZ!Box 7530 AX - Unauthorized Access author: DhiyaneshDK severity: high description: | An access...

CVE-2025-60473

A NULL pointer dereference in the gffilterinparentchain function /filtercore/filterpid.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted file...

CVE-2025-60464

GPAC MP4Box contains a use-after-free in gf_sei_load_from_state_internal (in /filters/sei_load.c) affecting builds before 26.02.0. This vulnerability can allow a Denial of Service when processing a crafted MPEG-2 TS file. The issue is described across multiple sources (NVD/NVD variant, AttackersK...

CVE-2026-12851

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

CVE-2026-12486

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

CVE-2026-12848

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

CVE-2026-12485

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

CVE-2026-12851

Geovision GV-I/O Box 4E (version 2.09) contains multiple OS command injection flaws in libNetSetObj.so, including CVE-2026-12851. The vulnerabilities arise from unsanitized inputs in CNetSetObj::m_F_n_Set_DNS_Addr (and related DNS/IP/Netmask/Gateway/config functions), which build shell commands a...

CVE-2026-12850 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

CVE-2026-12849

Ge’oVision GV-I/O Box 4E (2.09) has OS command injection vulnerabilities in libNetSetObj.so (e.g., CNetSetObj::m_F_n_Set_Net_Mask) that allow a attacker-supplied netmask to invoke /sbin/ifconfig via system(), reachable through DVRSearch and Network.cgi. TALOS and NVD enumerate multiple CVEs (incl...

CVE-2026-12486 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

CVE-2026-12486

GeoVision GV-I/O Box 4E (2.09) is affected by OS command injection in libNetSetObj.so, specifically CNetSetObj::m_F_n_Set_IP_Addr, which builds and executes a shell command via system("/sbin/ifconfig ..."). The flaw is reachable from network-exposed DVRSearch and Network.cgi endpoints, enabling r...

EUVD-2026-38649

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

CVE-2026-12848

The CVE-2026-12848 entry refers to GV-I/O Box 4E, a device exposing DVRSearch over UDP (port 10001). Connected sources describe a concrete vulnerability in the DNS field handling: attacker-controlled input can trigger a stack overflow via copying g_network_config-&gt;dns_addr into a local reply_b...

CVE-2026-12848 GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

CVE-2026-12847

GV-I/O Box 4E DVRSearch CMD_IP_SET buffer overflow vulnerabilities (CVE-2026-12847) affect GV-I/O Box 4E (version 2.09). The issues involve attacker-controlled fields (gateway, IP, net mask, DNS) in UDP-based DVRSearch handling on port 10001, leading to stack-based buffer overflows and potential ...