843 matches found
CVE-2026-57681
Subscriber Server Side Request Forgery SSRF in GeoDirectory = 2.8.161 versions...
My Geo Posts Free <= 1.2 - PHP Object Injection
The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If ...
Geo Mashup <= 1.13.17 - SQL Injection
Geo Mashup WordPress plugin = 1.13.17 contains a SQL injection caused by insufficient escaping of the 'sort' parameter, letting unauthenticated attackers extract sensitive database information remotely. id: CVE-2026-2416 info: name: Geo Mashup = 1.13.17 - SQL Injection author: Shivam Kamboj...
WordPress IWS Geo Form Fields <=1.0 - SQL Injection
WordPress IWS Geo Form Fields plugin through 1.0 contains a SQL injection vulnerability. The plugin does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data,...
CVE-2026-57277
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-57264
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-57875
An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of required HTTP request metadata before it is used by the...
CVE-2026-57881
CVE-2026-57881 refers to an unauthenticated, stack-based buffer overflow in GeoVision’s vlsvr used by GV-LPC2011/LPC2211 (V1.12 and earlier). The issue stems from insufficient length validation when processing remote login data, allowing a remote attacker to send crafted input that may cause memo...
CVE-2026-57879
CVE-2026-57879 is an unauthenticated, stack-based buffer overflow in the ssvr component of GeoVision GV-LPC2011 and GV-LPC2211 (versions 1.12 and earlier). The issue stems from insufficient bounds checking when processing RTSP custom authentication data. An attacker could send a crafted RTSP requ...
CVE-2026-57879 GV-LPC2011/LPC2211 - unauthorized buffer overflow via AuthMode/AuthValue path (ssvr)
An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing RTSP custom authentication data. A remote attacker may exploit this vulnerability by...
CVE-2026-57878 GV-LPC2011/LPC2211 - unauthorized buffer overflow vulnerability (thttpd)
An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this...
CVE-2026-57877
Geovision GV-LPC2011/LPC2211 devices running vlsvr (affected firmware V1.12 and earlier) expose an unauthenticated format-string vulnerability in log message handling during login. The issue arises from improper handling of externally controlled input in the login processing path, potentially all...
CVE-2026-12850 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability
Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...
CVE-2026-12486
Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...
CVE-2026-12486 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability
Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...
CVE-2026-12847
GV-I/O Box 4E DVRSearch CMD_IP_SET buffer overflow vulnerabilities (CVE-2026-12847) affect GV-I/O Box 4E (version 2.09). The issues involve attacker-controlled fields (gateway, IP, net mask, DNS) in UDP-based DVRSearch handling on port 10001, leading to stack-based buffer overflows and potential ...
CVE-2026-12485 GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command
GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...
EUVD-2026-38645
A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability...
CVE-2025-27511
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through specially crafted DB2 jdbc url leading to to Remote Code Execution RCE. Version 2.27.0 fixes...
EUVD-2026-37612
Subscriber SQL Injection in Geo Mashup = 1.13.19 versions...