CVE-2026-12848

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

EUVD-2026-38653

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

CVE-2026-12851 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

EUVD-2026-38652

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

CVE-2026-12850

CVE-2026-12850 affects GeoVision GV-I/O Box 4E (version 2.09) via the internal library libNetSetObj.so . The CVE documents multiple OS command injection vulnerabilities, notably in CNetSetObj::m_F_n_Set_Gate_way (and related IP, NetMask, DNS, and gateway setters). The vulnerable functions take at...

EUVD-2026-38651

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

CVE-2026-12849 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

EUVD-2026-38650

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

CVE-2026-12847 GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

CVE-2026-12846

CVE-2026-12846 affects GV-I/O Box 4E (DVRSearch CMD_IP_SET buffer overflow). Connected sources confirm multiple attacker-controlled overflows in CMD_IP_SET (e.g., Net Mask field, IP field, Gateway, DNS) via UDP on port 10001, enabling arbitrary code execution on vulnerable versions (notably GV-I/...

EUVD-2026-38646

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

Google Chrome < 149.0.7827.196 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 149.0.7827.196. It is, therefore, affected by multiple vulnerabilities as referenced in the 202606stable-channel-update-for-desktop0482630350 advisory. - Use after free in Autofill. CVE-2026-13038 - Use after free in WebG...

Google Chrome < 149.0.7827.196 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 149.0.7827.196. It is, therefore, affected by multiple vulnerabilities as referenced in the 202606stable-channel-update-for-desktop0482630350 advisory. - Use after free in Autofill. CVE-2026-13038 - Use after free in...

PT-2026-51991

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the mt76 wireless driver for the mt7996 PCI chip. A race condition occurs when the chip is detaching; the mt7996 coredump unregister function releases...

CVE-2026-41579 vulnerabilities

Vulnerabilities for packages: nvidia-container-toolkit-fips, podman-fips, k8s-device-plugin-fips, prometheus-podman-exporter, rancher, sriov-network-device-plugin, buildah-fips, sriov-network-device-plugin-fips, node-feature-discovery, nvidia-container-toolkit, rancher-agent, gpu-operator-fips,...

GHSA-XJVP-4FHW-GC47 vulnerabilities

Vulnerabilities for packages: nvidia-container-toolkit-fips, podman-fips, k8s-device-plugin-fips, prometheus-podman-exporter, rancher, sriov-network-device-plugin, buildah-fips, sriov-network-device-plugin-fips, node-feature-discovery, nvidia-container-toolkit, rancher-agent, gpu-operator-fips,...

GHSA-XJVP-4FHW-GC47 vulnerabilities

Vulnerabilities for packages: node-feature-discovery, rancher, k8s-device-plugin, nvidia-container-toolkit, sriov-network-device-plugin, rancher-agent...

CVE-2026-41579 vulnerabilities

Vulnerabilities for packages: node-feature-discovery, rancher, k8s-device-plugin, nvidia-container-toolkit, sriov-network-device-plugin, rancher-agent...

CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...

CVE-2026-50221

In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to...