35 matches found
EUVD-2026-41229
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-57266
GeoWebPlayer (Websocket Server component used by GV-VMS/GV-Cloud) contains multiple index-out-of-bounds vulnerabilities in its websocket command handling, allowing an attacker-supplied index to access arrays and trigger out-of-bounds reads/writes or call out-of-bounds function pointers. Documente...
EUVD-2026-41228
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-57265
GeoWebPlayer (Web Plugin/WS Player) Websocket Server vulnerabilities exist in GeoVision GeoWebPlayer 1.1.1.0 where an index value from websocket commands is not consistently validated, causing out-of-bounds reads/writes and potential code execution via critical sections and function pointers. Doc...
EUVD-2026-41227
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-57264
GeoWebPlayer’s Websocket Server (used by GV-VMS/GV-Cloud) exposes a command interface where many commands accept an index that is not consistently validated. The Talos and CVE records describe multiple CVEs (e.g., CVE-2026-57264) across several commands (connectInfo, setStream, setPIP, audio, sna...
EUVD-2026-41226
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-13132
GeoWebPlayer (Web Plugin/WS Player) Websocket Server in GeoVision software contains multiple out-of-bounds read/write vulnerabilities triggered by index values in websocket commands (notably setStream). The Talos report specifies exploitable out-of-bounds reads in GeoWebPlayer version 1.1.1.0, wi...
EUVD-2026-41243
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-13131
GeoWebPlayer Websocket Server (GeoVision) has a concrete out-of-bounds read vulnerability in the connectInfo command (index not range-checked), enabling out-of-bounds access to viewer IPCams and potential code execution. Reported for GeoWebPlayer 1.1.1.0; CVSSv3.1 score 8.3 (NETWORK, HIGH impact)...
EUVD-2026-41242
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-13125
GeoWebPlayer (GeoVision addon, also called Web Plugin/WS Player) exposes a websocket server with no authentication. Vulnerable component: GeoWebPlayer version 1.1.1.0. Root cause: missing authentication for critical websocket operations, enabling a malicious page to open a connection and issue pr...
GeoVision GeoWebPlayer Websocket Server lack of authentication vulnerability
Summary A lack of authentication vulnerability exists in the Websocket Server functionality of GeoWebPlayer versions: 1.1.1.0. A specially crafted websocket connection can lead to execute priviledged operation. An attacker can stage a malicious webpage to trigger this vulnerability. Confirmed...
GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerabilities
Summary Multiple exploitable stack-based buffer overflow vulnerabilities exist in the Websocket Server connectInfo handler functionality of GeoWebPlayer versions: 1.1.1.0. A specially crafted websocket message can lead to a arbitrary code execution. An attacker can stage a malicious webpage to...
GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerabilities
Summary Multiple exploitable out-of-bounds read vulnerabilities exist in the Websocket Server functionality of GeoWebPlayer versions: 1.1.1.0. A specially crafted websocket message can lead to a arbitrary code execution. An attacker can stage a malicious webpage to trigger these vulnerabilities...