Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

27 matches found

NVD
NVDadded 8 hours ago7 views

CVE-2026-57873

An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may...

7.5CVSS
Exploits0References1
CVE
CVEadded 9 hours ago10 views

CVE-2026-57878

CVE-2026-57878 affects GeoVision thttpd on GV-LPC2011/LPC2211 (V1.12 and earlier). Root cause: insufficient bounds checking when processing web request parameters in a specific path. Impact: unauthenticated remote attack leading to memory corruption, denial of service, or potentially arbitrary co...

9.8CVSS6.4AI score
Exploits0References1
EUVD
EUVDadded 9 hours ago6 views

EUVD-2026-39633

An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled input during log message formatting in the login processing path. A remote attacker may exploit this...

8.6CVSS5.8AI score
Exploits0References1
Cvelist
Cvelistadded 9 hours ago9 views

CVE-2026-57876 GV-LPC2011/LPC2211 - unauthorized out-of-bounds writing vulnerability (onvif.cgi)

An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a...

7.5CVSS
Exploits0References1
CVE
CVEadded 9 hours ago6 views

CVE-2026-57875

GeoVision GV-LPC2011 and GV-LPC2211 components (GV-LPC2011/LPC2211 V1.12 and earlier) contain an unauthenticated NULL pointer dereference in the HTTP request parsing logic. The root cause is improper validation of required HTTP request metadata before use by the affected CGI components, allowing ...

7.5CVSS5.9AI score
Exploits0References1
Cvelist
Cvelistadded 9 hours ago10 views

CVE-2026-57875 GV-LPC2011/LPC2211 - unauthorized null pointer dereference vulnerability in packet parsing

An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of required HTTP request metadata before it is used by the...

7.5CVSS
Exploits0References1
Cvelist
Cvelistadded 9 hours ago8 views

CVE-2026-57874 GV-LPC2011/LPC2211 - unauthorized buffer overflow vulnerability (IEEE8021x_upload.cgi)

An unauthenticated buffer overflow vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing filename values in multipart upload data. A remote attacker may exploit this...

7.5CVSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:22 p.m.12 views

CVE-2026-7371

Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this...

7.4CVSS5.5AI score0.00196EPSS
Exploits0References1
NVD
NVDadded 2026/05/04 1:16 a.m.18 views

CVE-2026-42368

A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability...

9.9CVSS0.00348EPSS
Exploits0References3
NVD
NVDadded 2026/05/04 1:16 a.m.5 views

CVE-2026-7371

Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this...

7.4CVSS0.00196EPSS
Exploits0References2
NVD
NVDadded 2026/05/04 1:16 a.m.15 views

CVE-2026-42364

An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability...

9.9CVSS0.01606EPSS
Exploits0References3
NVD
NVDadded 2026/05/04 1:16 a.m.9 views

CVE-2026-42365

A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability...

8.6CVSS0.00329EPSS
Exploits0References3
CVE
CVEadded 2026/05/04 12:43 a.m.12 views

CVE-2026-7371

GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi is affected by reflected XSS in version 1.10. A attacker can trigger arbitrary JavaScript by providing a crafted URL, with exploitation described as reflected XSS via the error message for non-existing pages. CVSS v3.1 base score 7.4 (HIGH) with N...

7.4CVSS5.9AI score0.00196EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/05/04 12:43 a.m.6 views

EUVD-2026-26863

Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this...

7.4CVSS5.9AI score0.00196EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/04 12:42 a.m.4 views

CVE-2026-42366 GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi reflected cross-site scripting (XSS) vulnerabilities

Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabili...

7.4CVSS5.9AI score0.00196EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/04 12:42 a.m.1 views

CVE-2026-42366

Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabili...

7.4CVSS5.9AI score0.00196EPSS
Exploits0References3Affected Software1
CVE
CVEadded 2026/05/04 12:42 a.m.17 views

CVE-2026-42365

GeoVision GeoVision LPC2011/LPC2211 Web Interface (version 1.10) exposes a session cookie vulnerability that allows authentication bypass through a crafted sequence of HTTP requests and brute-forcing session cookies. The CVE notes a network‑based, low‑complexity exposure with no user interaction ...

8.6CVSS5.8AI score0.00329EPSS
Exploits0References3Affected Software1
CVE
CVEadded 2026/05/04 12:41 a.m.13 views

CVE-2026-42364

CVE-2026-42364 concerns a command-injection in the GeoVision LPC2011/LPC2211 web interface. The vulnerability resides in the DdnsSetting.cgi endpoint of version 1.10, where a specially crafted DDNS configuration can trigger arbitrary command execution. The description notes an attacker can modify...

9.9CVSS6AI score0.01606EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/04 12:41 a.m.4 views

CVE-2026-42364

An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability...

9.9CVSS6AI score0.01606EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2026/05/04 12:41 a.m.36 views

CVE-2026-42364 GeoVision LPC2011/LPC2211 Web Interface / DdnsSetting.cgi OS command injection vulnerability

An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability...

9.9CVSS0.01606EPSS
Exploits0References2
Rows per page
Query Builder