CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

276 matches found

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в gpsd

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

9.8CVSS6AI score0.00164EPSS

Exploits2References1

NVD•added 2026/04/28 7:37 p.m.•3 views

CVE-2026-3893

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...

9.4CVSS0.00107EPSS

Exploits0References3

ATTACKERKB•added 2026/04/28 5:34 p.m.•0 views

CVE-2026-3893

9.4CVSS5.2AI score0.00107EPSS

Exploits0References4

Tenable Nessus•added 2026/01/19 12:0 a.m.•2 views

Debian dla-4441 : gpsd - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4441 advisory. [email protected] Subject: SECURITY DLA 4441-1 gpsd security update - ------------------------------------------------------------------------- Debia...

9.8CVSS6.2AI score0.00178EPSS

Exploits3References6

RedhatCVE•added 2026/01/09 10:11 a.m.•3 views

CVE-2019-11326

An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to login. Once logged in as a guest, an attacker can browse a URL to read the password of the administrative user. The same...

8.8CVSS7.3AI score0.00284EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:10 a.m.•3 views

CVE-2019-11327

An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's files system...

4.9CVSS6.9AI score0.00517EPSS

Exploits1References1

Vulnrichment•added 2026/01/07 11:9 p.m.•2 views

CVE-2019-25259 Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Cross-Site Request Forgery

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized actions by crafting malicious web pages that...

5.3CVSS6.4AI score0.00028EPSS

Exploits1References5

CVE•added 2026/01/07 11:9 p.m.•5 views

CVE-2019-25259

CVE-2019-25259 affects Leica Geosystems GR10/GR25/GR30/GR50 GNSS software (version 4.30.063). The vulnerability is a cross-site request forgery that allows attackers to trigger administrative actions without proper request validation by tricking authenticated users into submitting malicious reque...

5.3CVSS6.4AI score0.00028EPSS

Exploits1References5

Positive Technologies•added 2026/01/07 12:0 a.m.•3 views

PT-2026-1672

Name of the Vulnerable Software and Affected Versions Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 Description The software contains a cross-site request forgery issue that could allow attackers to perform administrative actions without proper validation of requests. Attackers can...

5.3CVSS6.5AI score0.00028EPSS

Exploits1References8

SUSE CVE•added 2026/01/06 12:24 a.m.•2 views

SUSE CVE-2025-67268

9.8CVSS8AI score0.00164EPSS

Exploits2References5

RedhatCVE•added 2026/01/03 11:11 a.m.•2 views

CVE-2025-67268

A flaw was found in gpsd. The hnd129540 function, responsible for handling NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to properly validate the user-supplied satellite count. A remote attacker can exploit this by sending a specially crafted packet with an excessive satellite count,...

9.8CVSS7.2AI score0.00164EPSS

Exploits2References6

NVD•added 2026/01/02 4:17 p.m.•2 views

CVE-2025-67268

9.8CVSS0.00164EPSS

Exploits2References3

OSV•added 2026/01/02 4:17 p.m.•0 views

UBUNTU-CVE-2025-67268

9.8CVSS6AI score0.00164EPSS

Exploits2References4

CVE•added 2026/01/02 12:0 a.m.•11 views

CVE-2025-67268

gpsd contains a heap-based out-of-bounds write in drivers/driver_nmea2000.c (PGN 129540 handling). The hnd_129540 function validates the satellite count against a 184-element skyview array, but an input satellite count up to 255 can overflow the array, causing memory corruption, DoS, and potentia...

9.8CVSS7.6AI score0.00164EPSS

Exploits2References3Affected Software1

AlpineLinux•added 2026/01/02 12:0 a.m.•1 views

CVE-2025-67268

9.8CVSS8AI score0.00164EPSS

Exploits2References3

Positive Technologies•added 2025/12/24 12:0 a.m.•2 views

PT-2025-53352

Name of the Vulnerable Software and Affected Versions Leica Geosystems GR10/GR25/GR30/GR50 GNSS version 4.30.063 Description The software contains a stored cross-site scripting issue in the configuration file upload functionality. An attacker can upload a malicious HTML file that will execute...

7.2CVSS6.1AI score0.00025EPSS

Exploits1References5

RedhatCVE•added 2025/11/05 6:54 a.m.•5 views

CVE-2025-20746

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10010441; Issue ID: MSV-3967...

6.7CVSS6.7AI score0.00007EPSS

Exploits0References1

NVD•added 2025/11/04 7:15 a.m.•1 views

CVE-2025-20747

6.7CVSS0.00007EPSS

Exploits0References1

OSV•added 2025/11/04 7:15 a.m.•1 views

CVE-2025-20747

6.7CVSS5.5AI score

Exploits0References1

OSV•added 2025/11/04 7:15 a.m.•2 views

CVE-2025-20746