Lucene search
+L

291 matches found

Vulnrichment
Vulnrichment
added 2026/05/04 12:48 a.m.7 views

CVE-2026-42370 GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

9CVSS6.2AI score0.00534EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/04 12:48 a.m.4 views

CVE-2026-42370

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

9CVSS6.2AI score0.00534EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/04 12:48 a.m.38 views

CVE-2026-42370 GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

9CVSS0.00534EPSS
Exploits0References2
CVE
CVE
added 2026/05/04 12:48 a.m.23 views

CVE-2026-42370

GeoVision GV-VMS V20 WebCam Server Login vulnerability (CVE-2026-42370) affects GV-VMS V20 20.0.2. A stack overflow is triggered by a specially crafted HTTP request, leading to arbitrary code execution. Exploitation is described as unauthenticated over the network. The CVSS 3.1 base metrics indic...

9.8CVSS6.2AI score0.00534EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/04 12:48 a.m.14 views

EUVD-2026-26861

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

9CVSS6.2AI score0.00534EPSS
Exploits0References2
CVE
CVE
added 2026/05/04 12:47 a.m.24 views

CVE-2026-7372

CVE-2026-7372 affects GeoVision GV-VMS V20 20.0.2, specifically the WebCam Server Login functionality. A stack overflow is triggered by an unconstrained sscanf when parsing the Authorization string, where username or password extracted content may exceed 40 characters, overwriting the stack. The ...

9CVSS6.5AI score0.00463EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.18 views

PT-2026-36741

Name of the Vulnerable Software and Affected Versions GeoVision GV-VMS V20 version 20.0.2 Description A stack overflow exists in the WebCam Server Login functionality. An unauthenticated attacker can send a specially crafted HTTP request to trigger the issue, potentially leading to arbitrary code...

9CVSS6.4AI score0.00463EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.9 views

PT-2026-37112

Name of the Vulnerable Software and Affected Versions CKAN versions prior to 2.10.10 CKAN versions prior to 2.11.5 Description Accessing views via tokens or unauthenticated requests can mark an endpoint as not requiring Cross-Site Request Forgery CSRF protection. This occurs because the marking i...

6.1CVSS5.8AI score0.00124EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 2026/04/28 1:42 p.m.5 views

CVE-2026-40968

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

4.2CVSS5.2AI score0.00171EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/24 8:40 p.m.35 views

CVE-2026-41472 CyberPanel < 2.4.4 Stored XSS via AI Scanner Dashboard

CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting vulnerability in the AI Scanner dashboard where the POST /api/ai-scanner/callback endpoint lacks authentication and allows unauthenticated attackers to inject malicious JavaScript by overwriting the findingsjson field of...

5.3CVSS0.00504EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/22 7:22 p.m.5 views

CVE-2026-40872

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value logged as the "user" field without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...

9.3CVSS5.8AI score0.0028EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/21 7:14 p.m.39 views

CVE-2026-40872 mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value logged as the "user" field without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...

9.3CVSS0.0028EPSS
Exploits0References1
OSV
OSV
added 2026/04/21 7:14 p.m.4 views

CVE-2026-40872 mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value logged as the "user" field without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...

9.3CVSS6AI score0.0028EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.13 views

PT-2026-34053

Name of the Vulnerable Software and Affected Versions mailcow: dockerized versions prior to 2026-03b Description The admin dashboard Autodiscover logs fail to perform HTML escaping on the EMailAddress value, which is logged as the user field. An unauthenticated attacker can submit a crafted...

9.3CVSS5.8AI score0.0028EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/20 3:31 p.m.7 views

EUVD-2026-23862

An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is...

5.7CVSS5.8AI score0.00121EPSS
Exploits0References2
CVE
CVE
added 2026/04/20 1:38 p.m.20 views

CVE-2026-6369

The CVE-2026-6369 entry concerns the canonical-livepatch snap client, affected before version 10.15.0. A local unprivileged user can exploit an improper access control by sending an unauthenticated request to the livepatchd.sock Unix domain socket to obtain a sensitive, root-level authentication ...

5.7CVSS5.8AI score0.00121EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/15 8:28 a.m.6 views

CVE-2026-4002 Petje.af <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action

The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajaxrevoketoken function which handles the 'petjeafdisconnect' AJAX action. The function performs destructive operations includin...

4.3CVSS5.8AI score0.00163EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.17 views

PT-2026-32448

Someone just found a way to dump your entire database with a single HTTP request. CVE-2026-6193: Critical SQL injection in PHPGurukul Daily Expense Tracker v1.1. No authentication. No special tools. Just a crafted URL parameter. Full attack chain breakdown → https://t.co/TeFM3nIkbP SQLInjection C...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References7
Snyk
Snyk
added 2026/04/10 7:28 p.m.5 views

Permissive Cross-domain Policy with Untrusted Domains

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains in the POST /agui endpoint due to the absence of authentication and the use of a...

8.6CVSS6AI score0.00504EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 9:51 p.m.3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via the runPlaygroundServer process in cmd/run/run.go and the playground configuration in pkg/server/config/config.go. An attacker can recover the preshared API key by sending an unauthenticated request to the...

7.5CVSS5.8AI score0.00286EPSS
Exploits0References2
Rows per page
Query Builder