21 matches found
CVE-2026-7841
A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the fronte...
EUVD-2026-27546
A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the fronte...
CVE-2026-7841 GV-ASWeb Remote Code Execution (RCE) vulnerability
A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the fronte...
PT-2026-37354
A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to bypass the fronte...
EUVD-2024-53447
Malicious code in bioql PyPI...
CVE-2024-56898
Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. This vulnerability allows low privilege users perform actions that they aren't authorized to, which can be leveraged to escalate privileges, create, modify or delete accounts...
CVE-2024-56903
Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to modify POST request method with the GET against critical functionalities, such as account management. This vulnerability is used in chain with CVE-2024-56901 for a successful CSRF attack...
CVE-2024-56902
Information disclosure vulnerability in Geovision GV-ASManager web application with the version v6.1.0.0 or less, which discloses account information, including cleartext password...
CVE-2024-56898
Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. This vulnerability allows low privilege users perform actions that they aren't authorized to, which can be leveraged to escalate privileges, create, modify or delete accounts...
CVE-2024-56902
Information disclosure vulnerability in Geovision GV-ASManager web application with the version v6.1.0.0 or less, which discloses account information, including cleartext password...
CVE-2024-56902
Geovision GV-ASManager GV-ASWeb (versions 6.1.0.0 and earlier) have an information-disclosure flaw that can expose account information, including cleartext passwords. CVSS v3.1 base score 7.5 (HIGH): network exploit, no user interaction, no privileges required, with confidentiality impact. Public...
CVE-2024-56901
A Cross-Site Request Forgery CSRF vulnerability in Geovision GV-ASWeb application with the version 6.1.1.0 or less that allows attackers to arbitrarily create Administrator accounts via a crafted GET request method. This vulnerability is used in chain with CVE-2024-56903 for a successful CSRF...
PT-2025-3344 · Geovision · Geovision Gv-Asweb
Name of the Vulnerable Software and Affected Versions: Geovision GV-ASWeb versions 6.1.0.0 and earlier Description: The issue allows unauthorized attackers with low-level privileges to request information about other accounts via a crafted HTTP request. Recommendations: For Geovision GV-ASWeb...
CVE-2024-56898
Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. This vulnerability allows low privilege users perform actions that they aren't authorized to, which can be leveraged to escalate privileges, create, modify or delete accounts...
CVE-2024-56901
A Cross-Site Request Forgery CSRF vulnerability in Geovision GV-ASWeb application with the version 6.1.1.0 or less that allows attackers to arbitrarily create Administrator accounts via a crafted GET request method. This vulnerability is used in chain with CVE-2024-56903 for a successful CSRF...
CVE-2024-56903
Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to modify POST request method with the GET against critical functionalities, such as account management. This vulnerability is used in chain with CVE-2024-56901 for a successful CSRF attack...
CVE-2024-56901
CVE-2024-56901 is a CSRF vulnerability in Geovision GV-ASWeb/ASManager web app (version 6.1.1.0 or less) that lets an attacker arbitrarily create Administrator accounts via a crafted GET request. The issue is documented to be exploitable in a chain with CVE-2024-56903, which describes the ability...
CVE-2024-56898
CVE-2024-56898 affects Geovision GV-ASWeb (v6.1.0.0 or earlier). The issue is a broken access control that lets a low-privilege user perform unauthorized actions, including creating, modifying, or deleting accounts, effectively escalating privileges. Public exploit details exist (PoC available at...
CVE-2024-56902
Information disclosure vulnerability in Geovision GV-ASManager web application with the version v6.1.0.0 or less, which discloses account information, including cleartext password...
CVE-2024-56903
Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to modify POST request method with the GET against critical functionalities, such as account management. This vulnerability is used in chain with CVE-2024-56901 for a successful CSRF attack...