572 matches found

NVD, added yesterday, 4 views

CVE-2026-57275

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

CVSS: 8.3, EPSS: 0.00286
Exploits: 0, References: 2
NVD, added yesterday, 4 views

CVE-2026-57273

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

CVSS: 8.3, EPSS: 0.00286
Exploits: 0, References: 2
CVE, added yesterday, 7 views

CVE-2026-57275

Geovision GeoWebPlayer Websocket Server connectInfo handler is vulnerable to stack-based buffer overflows in multiple fields when handling JSON input (username, password, username_enc, password_enc, key, ip). Affected product: GeoWebPlayer (GeoVision software family), with version context cited b...

CVSS: 8.3, AI score: 5.9, EPSS: 0.00286
Exploits: 0, References: 2
ATTACKERKB, added yesterday, 3 views

CVE-2026-57275

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

CVSS: 8.3, AI score: 5.9, EPSS: 0.00286
Exploits: 0, References: 3, Affected Software: 1
EUVD, added yesterday, 6 views

EUVD-2026-41237

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

CVSS: 8.3, AI score: 5.9, EPSS: 0.00286
Exploits: 0, References: 2
ATTACKERKB, added yesterday, 6 views

CVE-2026-57273

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

CVSS: 8.3, AI score: 5.9, EPSS: 0.00286
Exploits: 0, References: 3, Affected Software: 1
EUVD, added yesterday, 5 views

EUVD-2026-41235

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

CVSS: 8.3, AI score: 5.9, EPSS: 0.00286
Exploits: 0, References: 2
Talos, added 2 days ago, 6 views

GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerabilities

Summary: Multiple exploitable stack-based buffer overflow vulnerabilities exist in the Websocket Server connectInfo handler functionality of GeoWebPlayer versions: 1.1.1.0. A specially crafted websocket message can lead to arbitrary code execution. An attacker can stage a malicious webpage to...

CVSS: 8.3, AI score: 6.4, EPSS: 0.00286
Exploits: 0
NVD, added 2026/06/23 11:16 p.m., 8 views

CVE-2026-47693

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection (Formula Injection) in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing...

CVSS: 6.9, EPSS: 0.00229
Exploits: 0, References: 3
CVE, added 2026/06/23 10:07 p.m., 25 views

CVE-2026-47693

CVE-2026-47693 details (Poweradmin): Poweradmin, a web-based DNS admin tool for PowerDNS, is vulnerable to CSV Injection in its log export endpoints. User-supplied data (notably the username) is written to exported CSVs without sanitizing formula trigger characters (=, +, -, @). When an admin ex...

CVSS: 6.9, AI score: 5.9, EPSS: 0.00229
Exploits: 0, References: 3
OSV, added 2026/06/08 11:04 p.m., 6 views

GHSA-3H6H-67X3-CV5X Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications

Description: Summary: Poweradmin v4.4.0 is vulnerable to CSV Injection (Formula Injection) in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing formula trigger characters (=, +, -, @). When an administrator export...

CVSS: 6.9, AI score: 5.5, EPSS: 0.00229
Exploits: 0, References: 4
Positive Technologies, added 2026/06/08 12:00 a.m., 18 views

PT-2026-47615

Name of the Vulnerable Software and Affected Versions: Poweradmin versions prior to 4.2.4; Poweradmin versions prior to 4.3.3; Poweradmin version 4.4.0. Description: The log export functionality is susceptible to CSV Injection (Formula Injection), which occurs when user-controlled data is written to...

CVSS: 6.9, AI score: 5.9, EPSS: 0.00229
Exploits: 0, References: 12
NVD, added 2026/06/04 2:16 p.m., 15 views

CVE-2019-25741

Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the...

CVSS: 9.8, EPSS: 0.00638
Exploits: 0, References: 3
CVE, added 2026/06/04 1:22 p.m., 16 views

CVE-2019-25741

Mobatek MobaXterm 12.1 is affected by a SEH-based buffer overflow in the username field of session files. An attacker can craft a malicious sessions file that overflows the username, triggering code execution when imported, potentially enabling a reverse shell with the user’s privileges. The CVE ...

CVSS: 9.8, AI score: 6.4, EPSS: 0.00638
Exploits: 0, References: 3
EUVD, added 2026/06/04 1:22 p.m., 10 views

EUVD-2019-20177

Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the...

CVSS: 9.8, AI score: 6.4, EPSS: 0.00638
Exploits: 0, References: 3
Cvelist, added 2026/06/04 1:22 p.m., 36 views

CVE-2019-25741 Mobatek MobaXterm 12.1 Buffer Overflow via Sessions File

Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the...

CVSS: 9.8, EPSS: 0.00638
Exploits: 0, References: 3
Vulnrichment, added 2026/06/04 1:22 p.m., 8 views

CVE-2019-25741 Mobatek MobaXterm 12.1 Buffer Overflow via Sessions File

Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the...

CVSS: 9.8, AI score: 6.4, EPSS: 0.00638
Exploits: 0, References: 3
Positive Technologies, added 2026/06/04 12:00 a.m., 19 views

PT-2026-46211

Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the...

CVSS: 9.8, AI score: 6.4, EPSS: 0.00638
Exploits: 0, References: 4
CVE, added 2026/06/01 4:45 a.m., 21 views

CVE-2026-10225

The CVE describes a SQL injection in the raisulislamg4 student_management_system_by_php, affecting the Login component via login_check.php when manipulating the Username argument. The issue is exploitable remotely over a NETWORK attack vector with LOW attack complexity and NO privileges required,...

CVSS: 7.5, AI score: 6.9, EPSS: 0.00263
Exploits: 0, References: 6
Vulnrichment, added 2026/05/24 12:15 p.m., 8 views

CVE-2026-9380 Edimax BR-6675nD POST Request formL2TPSetup buffer overflow

A security vulnerability has been detected in Edimax BR-6675nD 1.12. Affected is the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. Such manipulation of the argument L2TPUserName leads to buffer overflow. The attack can be launched remotely. The...

CVSS: 9, AI score: 7.8, EPSS: 0.00445
Exploits: 0, References: 4