Lucene search
K

312 matches found

NVD
NVD
added 2026/07/02 4:17 a.m.6 views

CVE-2026-13125

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.8CVSS0.00227EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:14 a.m.7 views

CVE-2026-13125

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.8CVSS5.7AI score0.00227EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/02 2:14 a.m.12 views

CVE-2026-13125

GeoWebPlayer (GeoVision addon, also called Web Plugin/WS Player) exposes a websocket server with no authentication. Vulnerable component: GeoWebPlayer version 1.1.1.0. Root cause: missing authentication for critical websocket operations, enabling a malicious page to open a connection and issue pr...

8.8CVSS5.7AI score0.00227EPSS
Exploits0References2
Talos
Talos
added 2026/07/01 12:0 a.m.9 views

GeoVision GeoWebPlayer Websocket Server lack of authentication vulnerability

Summary A lack of authentication vulnerability exists in the Websocket Server functionality of GeoWebPlayer versions: 1.1.1.0. A specially crafted websocket connection can lead to execute priviledged operation. An attacker can stage a malicious webpage to trigger this vulnerability. Confirmed...

8.8CVSS5.9AI score0.00227EPSS
Exploits0
NVD
NVD
added 2026/06/28 2:16 a.m.12 views

CVE-2026-58056

RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...

7.6CVSS0.00191EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.33 views

CVE-2026-58056 RustDesk - FileTransfer Session Authorization Scope Bypass

RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...

7.6CVSS0.00191EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/28 1:32 a.m.10 views

EUVD-2026-39976

RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...

7.6CVSS5.8AI score0.00191EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 10:18 p.m.8 views

Malicious code in sypoi1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b22a9450e70ba1095097d2779ad6da01c111c37e940d890fbfc21d1aeb6a0f11 On require, index.js silently bootstraps a full Python runtime on the installer's machine — first via winget install -e --id Python.Python.3.12...

5.9AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 6:49 a.m.26 views

Malicious code in sysau (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b9246e768a775d54485e7208d0ed4fc575af09bc78c3fde95c5cb24ebc2350d Package advertises itself as a 'System binary configuration tool' but ships pointer.py spawned by index.js which hardcodes...

6AI score
Exploits0References2
OSV
OSV
added 2026/06/11 6:49 a.m.11 views

MAL-2026-5615 Malicious code in sysau (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b9246e768a775d54485e7208d0ed4fc575af09bc78c3fde95c5cb24ebc2350d Package advertises itself as a 'System binary configuration tool' but ships pointer.py spawned by index.js which hardcodes...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 6:49 a.m.15 views

Malicious code in sysnu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eac9873e59ffdf79c56fd4f9366b56e0532f87dc00c4380fae18d714785b0bc8 On require / CLI invocation, sysnu performs two install-time-equivalent actions on Windows hosts. First, if python is not on PATH, index.js lines 42-...

5.6AI score
Exploits0References2
OSV
OSV
added 2026/06/11 6:49 a.m.72 views

MAL-2026-5617 Malicious code in sysnu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eac9873e59ffdf79c56fd4f9366b56e0532f87dc00c4380fae18d714785b0bc8 On require / CLI invocation, sysnu performs two install-time-equivalent actions on Windows hosts. First, if python is not on PATH, index.js lines 42-...

5.6AI score
Exploits0References2
Packet Storm
Packet Storm
added 2026/06/02 12:0 a.m.95 views

📄 dcontrol 1.0.9 Screen Capture

The script is a fully featured remote screen-capture client targeting an exposed WebSocket service /ws associated with a dcontrol deployment. It includes capabilities that move beyond diagnostic or administrative testing into active surveillance and unauthorized access workflows. Version 1.0.9 is...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/24 6:5 p.m.12 views

Malicious code in sysnode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1f5d271eb72dffa8868b2701aeb4aa7799ee9d7294f342e14682b6675114077 Package self-describes as a 'System binary configuration tool' but on invocation CLI/bin entry or require it silently bootstraps a full surveillance...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/24 6:5 p.m.9 views

MAL-2026-4678 Malicious code in sysnode (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1f5d271eb72dffa8868b2701aeb4aa7799ee9d7294f342e14682b6675114077 Package self-describes as a 'System binary configuration tool' but on invocation CLI/bin entry or require it silently bootstraps a full surveillance...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 1:31 a.m.11 views

Malicious code in carvus-lens (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be2182b552b0a8359f3314078d48310cfcd57738e1934aacf00ac8775a32cfe0 carvus-lens is a screen-capture/OCR Electron-style tool whose advertised 'Ask AI', 'Translate', and 'Search' features silently route user-selected...

6AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 2:20 a.m.16 views

CVE-2026-28957

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...

3.3CVSS5.8AI score0.00123EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 9:31 p.m.17 views

EUVD-2026-29262

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...

5.8AI score0.00123EPSS
Exploits0References4
NVD
NVD
added 2026/05/11 9:18 p.m.9 views

CVE-2026-28957

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...

3.3CVSS0.00123EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/11 8:8 p.m.35 views

CVE-2026-28957

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to capture a user's screen...

0.00123EPSS
Exploits0References3
Rows per page
Query Builder