Lucene search
K

82 matches found

Cvelist
Cvelist
added 2026/05/04 12:42 a.m.34 views

CVE-2026-42366 GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi reflected cross-site scripting (XSS) vulnerabilities

Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabili...

7.4CVSS0.00196EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/04 12:42 a.m.6 views

CVE-2026-42366 GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi reflected cross-site scripting (XSS) vulnerabilities

Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabili...

7.4CVSS5.9AI score0.00196EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/04 12:42 a.m.2 views

CVE-2026-42366

Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabili...

7.4CVSS5.9AI score0.00196EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/04 12:42 a.m.21 views

CVE-2026-42366

GeoVision LPC2011/LPC2211 Web Interface (ssi.cgi) contains reflected XSS vulnerabilities in version 1.10. A crafted URL can trigger arbitrary JavaScript execution in the context of the user’s browser. The CVSSv3.1 vector is AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N with a base score of 7.4 (HIGH). Expl...

7.4CVSS5.9AI score0.00196EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/04 12:42 a.m.9 views

EUVD-2026-26856

A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability...

8.6CVSS5.8AI score0.00329EPSS
Exploits0References2
CVE
CVE
added 2026/05/04 12:42 a.m.22 views

CVE-2026-42365

GeoVision GeoVision LPC2011/LPC2211 Web Interface (version 1.10) exposes a session cookie vulnerability that allows authentication bypass through a crafted sequence of HTTP requests and brute-forcing session cookies. The CVE notes a network‑based, low‑complexity exposure with no user interaction ...

8.6CVSS5.8AI score0.00329EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/04 12:42 a.m.39 views

CVE-2026-42365 GeoVision LPC2011/LPC2211 Web Interface guessable session cookie vulnerability

A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability...

8.6CVSS0.00329EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/04 12:41 a.m.6 views

CVE-2026-42364 GeoVision LPC2011/LPC2211 Web Interface / DdnsSetting.cgi OS command injection vulnerability

An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability...

9.9CVSS6AI score0.01606EPSS
Exploits0References2
CVE
CVE
added 2026/05/04 12:41 a.m.23 views

CVE-2026-42364

CVE-2026-42364 concerns a command-injection in the GeoVision LPC2011/LPC2211 web interface. The vulnerability resides in the DdnsSetting.cgi endpoint of version 1.10, where a specially crafted DDNS configuration can trigger arbitrary command execution. The description notes an attacker can modify...

9.9CVSS6AI score0.01606EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/04 12:41 a.m.9 views

EUVD-2026-26855

An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability...

9.9CVSS6AI score0.01606EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/04 12:41 a.m.52 views

CVE-2026-42364 GeoVision LPC2011/LPC2211 Web Interface / DdnsSetting.cgi OS command injection vulnerability

An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability...

9.9CVSS0.01606EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/04 12:41 a.m.5 views

CVE-2026-42364

An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability...

9.9CVSS6AI score0.01606EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.10 views

GeoVision LPC2011和GeoVision LPC2211 安全漏洞

Both GeoVision LPC2011 and GeoVision LPC2211 are network monitoring control devices produced by the Chinese company GeoVision. The version 1.10 of GeoVision LPC2011 and GeoVision LPC2211 contain security vulnerabilities. These vulnerabilities stem from the privilege escalation in the Web Interfac...

6.5CVSS5.8AI score0.00271EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.7 views

PT-2026-36736

Name of the Vulnerable Software and Affected Versions GeoVision LPC2011/LPC2211 version 1.10 Description A privilege escalation issue exists in the Web Interface functionality. A specially crafted HTTP request allows an attacker to execute privileged operations by visiting a specific webpage...

9.9CVSS5.9AI score0.00348EPSS
Exploits0References12
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.11 views

GeoVision LPC2011和GeoVision LPC2211 操作系统命令注入漏洞

Both GeoVision LPC2011 and GeoVision LPC2211 are network monitoring and control devices produced by the Chinese company GeoVision. Versions 1.10 of GeoVision LPC2011 and GeoVision LPC2211 contain a vulnerability related to operating system command injection. This vulnerability stems from the OS...

9.9CVSS6.1AI score0.01606EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.9 views

PT-2026-36734

Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabili...

7.4CVSS5.9AI score0.00196EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.10 views

GeoVision LPC2011和GeoVision LPC2211 跨站脚本漏洞

Both GeoVision LPC2011 and GeoVision LPC2211 are network monitoring control devices produced by the Chinese company GeoVision. Version 1.10 of GeoVision LPC2011 and GeoVision LPC2211 contains a cross-site scripting vulnerability. This vulnerability stems from multiple reflective cross-site script...

7.4CVSS5.7AI score0.00196EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.11 views

PT-2026-36735

Name of the Vulnerable Software and Affected Versions GeoVision LPC2011/LPC2211 version 1.10 Description A privilege escalation issue exists in the Web Interface functionality, specifically within the 'ssi.cgi' endpoint. A specially crafted HTTP request can lead to the leak of Administrator...

6.5CVSS5.2AI score0.00271EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.10 views

PT-2026-36740

Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this...

7.4CVSS5.9AI score0.00196EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.8 views

PT-2026-36733

Name of the Vulnerable Software and Affected Versions GeoVision LPC2011/LPC2211 version 1.10 Description The Web Interface functionality contains a flaw where session cookies are guessable. An attacker can use a series of specially crafted HTTP requests to brute-force these cookies, allowing them...

8.6CVSS5.3AI score0.00329EPSS
Exploits0References9
Rows per page
Query Builder