Lucene search
K

9622 matches found

NVD
NVD
added 2026/07/02 4:17 a.m.7 views

CVE-2026-57277

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS0.0028EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 4:17 a.m.7 views

CVE-2026-57273

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS0.00286EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 2:26 a.m.10 views

EUVD-2026-41240

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.9AI score0.0028EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 2:26 a.m.19 views

CVE-2026-57278

GeoWebPlayer (Web Plugin/WS Player) vulnerable to a stack-based buffer overflow in the connectInfo handler, specifically in the ip field (conn_info.ip_or_host) with unbounded JSON input. TALOS confirms multiple CVEs in the same connectInfo codepath, including potential arbitrary code execution in...

8.3CVSS5.9AI score0.0028EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 2:25 a.m.10 views

EUVD-2026-41239

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.9AI score0.0028EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 2:25 a.m.10 views

EUVD-2026-41238

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.9AI score0.00286EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 2:25 a.m.15 views

CVE-2026-57276

GeoWebPlayer’s Websocket Server connectInfo handler contains stack-based buffer overflow vulnerabilities in several fields (e.g., username/password/password_enc with key present; ip, key_blob) leading to potential arbitrary code execution. Affected product: GeoWebPlayer (GeoVision GV-VMS/GV-Cloud...

8.3CVSS5.9AI score0.00286EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:25 a.m.10 views

CVE-2026-57276

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.9AI score0.00286EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/07/02 2:24 a.m.13 views

CVE-2026-57275

Geovision GeoWebPlayer Websocket Server connectInfo handler is vulnerable to stack-based buffer overflows in multiple fields when handling JSON input (username, password, username_enc, password_enc, key, ip). Affected product: GeoWebPlayer (GeoVision software family), with version context cited b...

8.3CVSS5.9AI score0.00286EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 2:24 a.m.9 views

EUVD-2026-41236

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.9AI score0.00286EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 2:23 a.m.12 views

CVE-2026-57273

GeoWebPlayer Websocket Server connectInfo handler in GeoVision software contains multiple stack-based buffer overflows in user-supplied JSON fields. Specifically, overflows occur in: username and password when key is absent (64-byte buffers), and username_enc, password_enc, key_blob, ip fields wh...

8.3CVSS5.9AI score0.00286EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 2:23 a.m.8 views

EUVD-2026-41235

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.9AI score0.00286EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:23 a.m.10 views

CVE-2026-57273

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.9AI score0.00286EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/01 10:21 p.m.7 views

CVE-2026-14388

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00263EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/07/01 6:16 p.m.9 views

CVE-2026-51946

SQL Injection vulnerability in GoAdminGroup GoAdmin last release v1.2.26 allows a remote attacker to execute arbitrary code and obtain sensitive information via the the sorttype URL parameter on all /admin/info/table endpoints...

6.5CVSS0.00336EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 5:16 p.m.10 views

CVE-2026-34102

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfoget.php line 16: SELECT FROM jobs where input1 = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS0.00373EPSS
Exploits0References2
Circl
Circl
added 2026/07/01 4:21 p.m.6 views

CVE-2026-24245

creationtimestamp| type| source ---|---|--- 2026-07-01 16:21:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mplwf2i7xe26 2026-07-02 04:27:20+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpn6woaywm2k...

7.8CVSS5.8AI score0.00154EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 4:16 p.m.9 views

CVE-2026-58033

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Actions/InfoAction.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

6.5CVSS0.00374EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 4:8 p.m.35 views

CVE-2026-34099 Guardian Language-System Unauthenticated SQL Injection via id Parameter in job_info.php

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfo.php line 16: SELECT FROM jobs where id = '".$GET'id'."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current...

9.8CVSS0.00459EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:8 p.m.14 views

CVE-2026-34099

The Guardian Language-System is vulnerable to unauthenticated SQL injection through the id parameter in job_info.php. The code directly injects $_GET['id'] into an unsanitized query (SELECT * FROM jobs where id = '...'), enabling error-based SQL injection without authentication. Reported impacts ...

9.8CVSS5.8AI score0.00459EPSS
Exploits0References2
Rows per page
Query Builder