Lucene search
K

718 matches found

Nuclei
Nuclei
added 11 hours ago51 views

IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion

IPConfigure Orchid Core VMS 2.0.5 is susceptible to local file inclusion. id: CVE-2018-10956 info: name: IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion author: 0xAkoko severity: high description: | IPConfigure Orchid Core VMS 2.0.5 is susceptible to local file inclusion. impact: | An...

7.5CVSS7AI score0.56318EPSS
Exploits6References5
Nuclei
Nuclei
added 11 hours ago47 views

Vehicle Service Management System 1.0 - Stored Cross Site Scripting

Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Service List section in login panel. id: CVE-2021-46072 info: name: Vehicle Service Management System 1.0 - Stored Cross Site Scripting author: TenBird severity: medium description: | Vehicle Servic...

4.8CVSS6AI score0.02736EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago37 views

Vehicle Service Management System 1.0 - Cross Site Scripting

Vehicle Service Management System 1.0 contains a cross-site scripting vulnerability via the User List section in login panel. id: CVE-2021-46073 info: name: Vehicle Service Management System 1.0 - Cross Site Scripting author: TenBird severity: medium description: | Vehicle Service Management Syst...

4.8CVSS6.1AI score0.02759EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago45 views

ehicle Service Management System 1.0 - Cross-Site Scripting

Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Category List section in login panel. id: CVE-2021-46071 info: name: ehicle Service Management System 1.0 - Cross-Site Scripting author: TenBird severity: medium description: | Vehicle Service...

4.8CVSS6AI score0.02736EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago46 views

Vehicle Service Management System 1.0 - Stored Cross Site Scripting

Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Mechanic List section in login panel. id: CVE-2021-46069 info: name: Vehicle Service Management System 1.0 - Stored Cross Site Scripting author: TenBird severity: medium description: | Vehicle Servi...

4.8CVSS6AI score0.02736EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/26 10:41 a.m.5 views

EUVD-2026-39645

A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all interfaces 0.0.0.0/:: on a random port with no authentication, peer allow-list, or handshake toke...

8.5CVSS5.8AI score0.00175EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 12:1 p.m.3 views

RLSA-2023:7015 Moderate: wireshark security update

The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fixes: wireshark: RTPS dissector crash CVE-2023-0666 wireshark: VMS TCPIPtrace file parser crash CVE-2023-2856 wireshark: NetScaler file parser crash...

6.5CVSS5.9AI score0.02256EPSS
Exploits4References5
NVD
NVD
added 2026/06/24 5:17 a.m.8 views

CVE-2026-12488

A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability...

6.2CVSS0.00197EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 3:34 a.m.14 views

CVE-2026-12488

CVE-2026-12488 affects GeoVision GV-VMS V20 GV-Cloud (v20.0.2). Talos details describe a stack-based buffer overflow in the GV-Cloud relay path (GvRelayProxy.dll) caused by trusting an unverified message size from the remote server; reading large messages can overflow the stack, enabling possible...

6.2CVSS5.9AI score0.00197EPSS
Exploits0References3
Talos
Talos
added 2026/06/23 12:0 a.m.6 views

GeoVision GV-VMS V20 GV-Cloud memory corruption vulnerability

Summary A memory corruption vulnerability exists in the GV-Cloud functionality of GV-VMS V20 versions: 20.0.2. A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability. Confirmed Vulnerable Versions The...

6.2CVSS6.5AI score0.00197EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 6:48 p.m.11 views

CVE-2024-33618

Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 allows attackers to consume excessive amounts of disk space via network interface...

7.5CVSS5.5AI score0.00455EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 8:4 a.m.16 views

EUVD-2026-33262

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...

7.5CVSS5.8AI score0.00242EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 8:4 a.m.19 views

CVE-2026-10056

CVE-2026-10056 – Nx Witness VMS : A CORS misconfiguration in the REST API (pre-6.1.2) running in Standard security mode on Linux/Windows allows an unauthenticated attacker to exfiltrate a user session token and perform Administrator Account Takeover via a malicious cross-origin page. The High sec...

7.5CVSS5.8AI score0.00242EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-44762

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...

7.5CVSS5.8AI score0.00242EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/05 8:20 a.m.11 views

CVE-2026-42369

GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other security devices. It is a native application accessed locally, but it is also possible to enable remote access via the "WebCam Server" feature. Once enabled, it is possible to access t...

10CVSS6.2AI score0.00514EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/05 8:20 a.m.12 views

CVE-2026-42370

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

9.8CVSS6.2AI score0.00534EPSS
Exploits0References1
NVD
NVD
added 2026/05/04 1:16 a.m.10 views

CVE-2026-42369

GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other security devices. It is a native application accessed locally, but it is also possible to enable remote access via the "WebCam Server" feature. Once enabled, it is possible to access t...

10CVSS0.00514EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/04 12:48 a.m.4 views

CVE-2026-42370

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

9CVSS6.2AI score0.00534EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/04 12:48 a.m.13 views

EUVD-2026-26861

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

9CVSS6.2AI score0.00534EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/04 12:47 a.m.7 views

EUVD-2026-26864

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. Stack-overflow via...

9CVSS6.5AI score0.00463EPSS
Exploits0References2
Rows per page
Query Builder