CVE-2026-13125
GeoWebPlayer (GeoVision addon, also called Web Plugin/WS Player) exposes a websocket server with no authentication. Vulnerable component: GeoWebPlayer version 1.1.1.0. Root cause: missing authentication for critical websocket operations, enabling a malicious page to open a connection and issue pr...