Lucene search
K

439 matches found

CVE
CVE
added 2026/07/02 2:19 a.m.11 views

CVE-2026-57267

GeoWebPlayer (aka Web Plugin / WS Player) ships a websocket server that handles localhost commands. The index parameter used to access internal arrays is not consistently validated, enabling index-out-of-bounds reads in multiple arrays. This is documented as a GeoVision vulnerability (CVE-2026-57...

8.3CVSS5.8AI score0.0022EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:19 a.m.5 views

CVE-2026-57266

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.8AI score0.00215EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/07/02 2:19 a.m.11 views

CVE-2026-57266

GeoWebPlayer (Websocket Server component used by GV-VMS/GV-Cloud) contains multiple index-out-of-bounds vulnerabilities in its websocket command handling, allowing an attacker-supplied index to access arrays and trigger out-of-bounds reads/writes or call out-of-bounds function pointers. Documente...

8.3CVSS5.8AI score0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 2:18 a.m.8 views

EUVD-2026-41227

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.8AI score0.00215EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 2:18 a.m.12 views

CVE-2026-57265

GeoWebPlayer (Web Plugin/WS Player) Websocket Server vulnerabilities exist in GeoVision GeoWebPlayer 1.1.1.0 where an index value from websocket commands is not consistently validated, causing out-of-bounds reads/writes and potential code execution via critical sections and function pointers. Doc...

8.3CVSS5.8AI score0.00215EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:18 a.m.6 views

CVE-2026-57265

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.8AI score0.00215EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/07/02 2:18 a.m.16 views

CVE-2026-57264

GeoWebPlayer’s Websocket Server (used by GV-VMS/GV-Cloud) exposes a command interface where many commands accept an index that is not consistently validated. The Talos and CVE records describe multiple CVEs (e.g., CVE-2026-57264) across several commands (connectInfo, setStream, setPIP, audio, sna...

8.3CVSS5.8AI score0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 2:17 a.m.8 views

EUVD-2026-41243

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.8AI score0.00215EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 2:17 a.m.13 views

CVE-2026-13132

GeoWebPlayer (Web Plugin/WS Player) Websocket Server in GeoVision software contains multiple out-of-bounds read/write vulnerabilities triggered by index values in websocket commands (notably setStream). The Talos report specifies exploitable out-of-bounds reads in GeoWebPlayer version 1.1.1.0, wi...

8.3CVSS5.8AI score0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 2:14 a.m.8 views

EUVD-2026-41242

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.8AI score0.00215EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 2:14 a.m.11 views

CVE-2026-13131

GeoWebPlayer Websocket Server (GeoVision) has a concrete out-of-bounds read vulnerability in the connectInfo command (index not range-checked), enabling out-of-bounds access to viewer IPCams and potential code execution. Reported for GeoWebPlayer 1.1.1.0; CVSSv3.1 score 8.3 (NETWORK, HIGH impact)...

8.3CVSS5.8AI score0.00215EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 2:14 a.m.11 views

CVE-2026-13125

GeoWebPlayer (GeoVision addon, also called Web Plugin/WS Player) exposes a websocket server with no authentication. Vulnerable component: GeoWebPlayer version 1.1.1.0. Root cause: missing authentication for critical websocket operations, enabling a malicious page to open a connection and issue pr...

8.8CVSS5.7AI score0.00227EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 2:14 a.m.9 views

EUVD-2026-41241

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.8CVSS5.7AI score0.00227EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.7 views

PT-2026-54875

Name of the Vulnerable Software and Affected Versions GeoWebPlayer affected versions not specified Description GeoWebPlayer, also known as Web Plugin in GV-VMS documentation and WS Player for VMS-Cloud, is an addon for GeoVision software that establishes a websocket server to enhance web-interfac...

8.3CVSS6AI score0.0022EPSS
Exploits0References7
NVD
NVD
added 2026/06/26 8:16 a.m.11 views

CVE-2026-57881

An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation when processing remote login data. A remote attacker may exploit this vulnerability by sending craft...

9.8CVSS0.00376EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 8:16 a.m.9 views

CVE-2026-57872

An unauthenticated directory traversal vulnerability exists in getfcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attack...

7.5CVSS0.00969EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 8:16 a.m.9 views

CVE-2026-57873

An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may...

7.5CVSS0.00206EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 8:16 a.m.7 views

CVE-2026-57880

An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing RTSP Digest authentication fields. A remote attacker may exploit this vulnerability by...

9.8CVSS0.0053EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 8:16 a.m.11 views

CVE-2026-57874

An unauthenticated buffer overflow vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing filename values in multipart upload data. A remote attacker may exploit this...

7.5CVSS0.00318EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 8:16 a.m.8 views

CVE-2026-57876

An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a...

7.5CVSS0.00313EPSS
Exploits0References1
Rows per page
Query Builder