EUVD-2026-26861

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVE-2026-42370

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVE-2026-7372

CVE-2026-7372 affects GeoVision GV-VMS V20 20.0.2, specifically the WebCam Server Login functionality. A stack overflow is triggered by an unconstrained sscanf when parsing the Authorization string, where username or password extracted content may exceed 40 characters, overwriting the stack. The ...

CVE-2026-42368

A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability...

CVE-2026-42368

CVE-2026-42368 affects GeoVision LPC2011/LPC2211 Web Interface (version 1.10). A privilege escalation exists where a specially crafted HTTP request can trigger a privileged operation when an attacker visits a webpage. The CVSSv3.1 base score is 9.9 (CRITICAL) with NETWORK attack vector, LOW compl...

CVE-2026-42368 GeoVision LPC2011/LPC2211 Web Interface privilege escalation vulnerability

A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability...

CVE-2026-42367

CVE-2026-42367 affects GeoVision LPC2011/LPC2211 Web Interface, ssi.cgi on version 1.10. A privilege-escalation path exists where a specially crafted HTTP request can leak Administrator credentials via the web interface, enabling access with elevated privileges after a user visits a crafted page....

CVE-2026-42367 GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi privilege escalation vulnerability via leak of Administrator credentials

A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability...

PT-2026-36758

Name of the Vulnerable Software and Affected Versions pixelsock directus-mcp version 1.0.0 Description A flaw in the MCP Interface component allows for server-side request forgery SSRF, a condition where an attacker can induce the server to make requests to an unintended location. This occurs...

TOTOLINK WA300 缓冲区错误漏洞

TOTOLINK WA300 is a wireless access point produced by TOTOLINK, a Chinese company. The TOTOLINK WA300 5.2cu.7112B20190227 version contains a buffer overflow vulnerability. This vulnerability stems from the function UploadCustomModule in the POST Request Handler component’s file...

PT-2026-36745

Name of the Vulnerable Software and Affected Versions Totolink WA300 version 5.2cu.7112 B20190227 Description A buffer overflow can be triggered remotely via the POST Request Handler component. The issue exists within the UploadCustomModule function of the '/cgi-bin/cstecgi.cgi' endpoint when the...

PT-2026-37357

Before sq-git checks if a commit can be authenticated, it first looks for hard revocations. Because parsing a policy is expensive and a project's policy rarely changes, sq-git has an optimization to only check a policy if it hasn't checked it before. It does this by maintaining a set of policies...

TOTOLINK N300RH 缓冲区错误漏洞

TOTOLINK N300RH is a long-range wireless router produced by TOTOLINK Corporation. The version TOTOLINK N300RH 3.2.4-B20220812 contains a buffer overflow vulnerability. This vulnerability stems from an operation on the parameterFileName in the setUpgradeFW function of the POST Request Handler...

PT-2026-36735

Name of the Vulnerable Software and Affected Versions GeoVision LPC2011/LPC2211 version 1.10 Description A privilege escalation issue exists in the Web Interface functionality, specifically within the 'ssi.cgi' endpoint. A specially crafted HTTP request can lead to the leak of Administrator...

Apache OpenNLP 代码问题漏洞

Apache OpenNLP is a natural language processing toolkit developed by the Apache Foundation. Versions of Apache OpenNLP prior to 2.5.9 and 3.0.0-M3 contained code vulnerabilities. These vulnerabilities stemmed from the lack of enabling FEATURESECUREPROCESSING or disabling DTD processing during the...

PT-2026-36886

Name of the Vulnerable Software and Affected Versions PlantUML Macro versions prior to 2.4.1 Description PlantUML Macro, used for rendering UML diagrams from textual schemes, contains a Server-Side Request Forgery SSRF flaw. The application fails to validate the URL provided through the server...

PT-2026-36741

Name of the Vulnerable Software and Affected Versions GeoVision GV-VMS V20 version 20.0.2 Description A stack overflow exists in the WebCam Server Login functionality. An unauthenticated attacker can send a specially crafted HTTP request to trigger the issue, potentially leading to arbitrary code...

Directus MCP Server 代码问题漏洞

The Directus MCP Server is a model context protocol server developed by pixelsock’s individual developers, which connects AI with content management systems. Version 1.0.0 of the Directus MCP Server contains code vulnerabilities. These vulnerabilities stem from the function validateUrl in the MCP...

Yeapook WDR201A WiFi Extender 安全漏洞

The Yeapook WDR201A WiFi Extender is a wireless signal extension device produced by the Yeapook company. The Yeapook WDR201A WiFi Extender in the HW V2.1 version and FW LFMZX28040922V1.02 version contain security vulnerabilities. These vulnerabilities stem from stack-based buffer overflows in the...

PT-2026-36736

Name of the Vulnerable Software and Affected Versions GeoVision LPC2011/LPC2211 version 1.10 Description A privilege escalation issue exists in the Web Interface functionality. A specially crafted HTTP request allows an attacker to execute privileged operations by visiting a specific webpage...