Lucene search
K

850 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/24 3:40 a.m.9 views

CVE-2026-12486

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS5.9AI score0.0172EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/24 3:34 a.m.15 views

CVE-2026-12847

GV-I/O Box 4E DVRSearch CMD_IP_SET buffer overflow vulnerabilities (CVE-2026-12847) affect GV-I/O Box 4E (version 2.09). The issues involve attacker-controlled fields (gateway, IP, net mask, DNS) in UDP-based DVRSearch handling on port 10001, leading to stack-based buffer overflows and potential ...

10CVSS6.2AI score0.00427EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 3:34 a.m.33 views

CVE-2026-12485 GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

10CVSS0.00436EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 3:34 a.m.9 views

EUVD-2026-38645

A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability...

6.2CVSS5.9AI score0.00197EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 3:34 a.m.8 views

CVE-2026-12488

A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability...

6.2CVSS5.9AI score0.00197EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/18 4:16 p.m.13 views

CVE-2025-27511

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution RCE. Version 2.27.0 fixes...

7.2CVSS0.00582EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37612

Subscriber SQL Injection in Geo Mashup = 1.13.19 versions...

8.5CVSS5.7AI score0.00332EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-48967

Subscriber SQL Injection in Geo Mashup = 1.13.19 versions...

8.5CVSS0.00332EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:51 a.m.32 views

CVE-2026-48967 WordPress Geo Mashup plugin <= 1.13.19 - SQL Injection vulnerability

Subscriber SQL Injection in Geo Mashup = 1.13.19 versions...

8.5CVSS0.00332EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:51 a.m.19 views

CVE-2026-48967

CVE-2026-48967 concerns a SQL Injection vulnerability in the WordPress Geo Mashup plugin (versions

8.5CVSS5.7AI score0.00332EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.22 views

PT-2026-50331

Name of the Vulnerable Software and Affected Versions Geo Mashup versions prior to 1.13.20 Description An SQL injection flaw exists in the Geo Mashup plugin, which allows users with subscriber privileges to execute unauthorized SQL commands. Recommendations Update to version 1.13.20 or later...

8.5CVSS6AI score0.00332EPSS
Exploits0References3
NVD
NVD
added 2026/06/16 10:16 a.m.14 views

CVE-2026-52715

Unauthenticated SQL Injection in GEO my WordPress = 4.5.5 versions...

9.3CVSS0.0025EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 9:0 a.m.8 views

EUVD-2026-37051

Unauthenticated SQL Injection in GEO my WordPress = 4.5.5 versions...

9.3CVSS5.8AI score0.0025EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 9:0 a.m.41 views

CVE-2026-52715 WordPress GEO my WordPress plugin <= 4.5.5 - SQL Injection vulnerability

Unauthenticated SQL Injection in GEO my WordPress = 4.5.5 versions...

9.3CVSS0.0025EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 9:0 a.m.22 views

CVE-2026-52715

GEO my WordPress plugin (WordPress)

9.3CVSS5.7AI score0.0025EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49399

Contributor PHP Object Injection in Events Calendar for GeoDirectory = 2.3.25 versions...

8.8CVSS5.3AI score0.00344EPSS
Exploits0References2
Talos
Talos
added 2026/06/15 12:0 a.m.10 views

GeoVision LPC2011/LPC2211 Web Interface privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the Web Interface functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability. Confirmed Vulnerable Versions The...

9.9CVSS5.6AI score0.00348EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49390

Unauthenticated SQL Injection in GeoDirectory = 2.8.152 versions...

9.3CVSS5.7AI score0.00283EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.11 views

CVE-2026-11616

The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajaxayiaction handler only applying striptagsescsql — with no allow-list — to the attacker-controlled $POST'type' and $POST'postid' values...

8.8CVSS5.5AI score0.00275EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.15 views

PT-2026-48435

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.before request → @jwt required app/routes/install/routes.py:36-39. The individual endpoints install exporter, install waf, install geoip,...

9.9CVSS5.5AI score0.00267EPSS
Exploits0References2
Rows per page
Query Builder