Lucene search
+L

121 matches found

NVD
NVD
added 2026/07/02 4:17 a.m.9 views

CVE-2026-57276

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS0.00286EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:25 a.m.10 views

CVE-2026-57276

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.9AI score0.00286EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/07/02 2:24 a.m.9 views

EUVD-2026-41237

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.9AI score0.00286EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 2:24 a.m.9 views

EUVD-2026-41236

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.9AI score0.00286EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:24 a.m.8 views

CVE-2026-57274

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.9AI score0.00286EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.15 views

PT-2026-55206

Name of the Vulnerable Software and Affected Versions @hey-api/openapi-ts versions prior to 0.97.3 Description An issue exists in the dist/clients/core/params.ts file, which is used as a runtime template in generated SDKs. The buildClientParams function fails to validate unknown keys that start...

4.8CVSS5.4AI score
Exploits0References8
OSV
OSV
added 2026/06/19 8:47 p.m.23 views

GHSA-HP36-V28F-W3R4 flat-to-nested: Prototype pollution in flat-to-nested convert() via __proto__ parent/id key

Summary convert builds the nested tree by using each flat record's id and parent field values directly as object keys, with no guard against proto / constructor / prototype. A record whose parent is the string "proto" makes tempparent resolve to Object.prototype, and the following initPush...

7.5CVSS6AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/15 7:10 p.m.5 views

CVE-2026-53704 Gstreamer1-plugins-ugly-free: gstreamer: out-of-bounds read in realmedia demuxer fileinfo metadata parser

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...

7.1CVSS5.2AI score0.00221EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/15 7:10 p.m.10 views

CVE-2026-53704

A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name and variable-value pairs using reskippascalstring without validating that offsets remain...

7.1CVSS4.8AI score0.00221EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 10:17 p.m.7 views

DEBIAN-CVE-2026-48110

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH peer could se...

7.5CVSS5.5AI score0.00268EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/09 7:21 p.m.7 views

CVE-2026-11824

SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value smaller than 4...

8.5CVSS6.2AI score0.00175EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.19 views

PT-2026-44548

Name of the Vulnerable Software and Affected Versions compliance-trestle affected versions not specified Description A Server-Side Template Injection SSTI issue exists in the trestle author jinja command. The problem occurs because the render template function in...

7.8CVSS6.3AI score0.00022EPSS
Exploits0References9
NVD
NVD
added 2026/05/27 3:16 p.m.18 views

CVE-2026-44972

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...

5CVSS0.00113EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 5:16 p.m.17 views

CVE-2026-48864

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within .solv files due to insufficient input validation. An attacker can provide a specially crafted .solv file, which, when processed by a vulnerable application, can lea...

7.8CVSS0.00205EPSS
Exploits1References6
EUVD
EUVD
added 2026/05/26 4:16 p.m.13 views

EUVD-2026-31859

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within .solv files due to insufficient input validation. An attacker can provide a specially crafted .solv file, which, when processed by a vulnerable application, can lea...

7.8CVSS5.9AI score0.00205EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:16 p.m.8 views

CVE-2026-48864

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within .solv files due to insufficient input validation. An attacker can provide a specially crafted .solv file, which, when processed by a vulnerable application, can lea...

7.8CVSS5.9AI score0.00205EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.17 views

PT-2026-43313

Name of the Vulnerable Software and Affected Versions libsolv affected versions not specified Description A heap buffer overflow occurs during the decompression of attacker-controlled compressed data within .solv files due to insufficient input validation. An attacker can provide a specially...

7.8CVSS6AI score0.00205EPSS
Exploits1References31
Cvelist
Cvelist
added 2026/05/21 3:51 p.m.42 views

CVE-2026-48207 Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

0.00574EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 3:51 p.m.10 views

CVE-2026-48207 Apache Fory: PyFory ReduceSerializer Incomplete Policy Enforcement

Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy validation hooks during reduce-state restoration and global-name resolution. An application is vulnerable if it deserializes attacker-controlled data using PyFory...

5.8AI score0.00574EPSS
Exploits0References1
NVD
NVD
added 2026/05/19 8:16 p.m.27 views

CVE-2026-32740

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...

8.8CVSS0.00514EPSS
Exploits1References5
Rows per page
Query Builder