216 matches found
CVE-2026-57271
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
EUVD-2026-41233
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
EUVD-2026-41241
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
PT-2026-54875
Name of the Vulnerable Software and Affected Versions GeoWebPlayer affected versions not specified Description GeoWebPlayer, also known as Web Plugin in GV-VMS documentation and WS Player for VMS-Cloud, is an addon for GeoVision software that establishes a websocket server to enhance web-interfac...
Buffalo WSR-2533DHPL2 - Path Traversal
Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 are susceptible to a path traversal vulnerability that could allow unauthenticated remote attackers to bypass authentication in their web interfaces. id: CVE-2021-20090 info: name: Buffalo WSR-2533DHPL2 - Path...
EUVD-2026-29821
A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbitrary files on the underlying filesystem of the affected device...
PT-2026-40363
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a...
vulnerabilities found in Cisco Unity Connection
Cisco has addressed several vulnerabilities in Cisco Unity Connection. These vulnerabilities reside in the web management interface and the Web Inbox web interface of Cisco Unity Connection. Authorized attackers with valid login credentials can execute arbitrary code with root privileges, thereby...
Fedora 42 : composer (2026-d91f313a63)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d91f313a63 advisory. Version 2.9.7 - 2026-04-14 Fixes regression calling custom script command aliases that are called a substring of a composer command 12802 ---- Versi...
glances 安全漏洞
Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.4 contained security vulnerabilities. These vulnerabilities stemmed from unvalidated REST APIs that allowed cross-domain requests, potentially allowing malicious websites to access sensitive system...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) and the Cisco ISE Passive Identity Connector (ISE-PIC), a virtual device for collecting user authentication data, allows a perpetrator to execute arbitrary code.
The vulnerability of the Cisco Identity Services Engine ISE web interface and the Cisco ISE Passive Identity Connector ISE-PIC virtual authentication data collection device is related to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability...
Code Screenshot Generator MCP 操作系统命令注入漏洞
Code Screenshot Generator MCP is a code screenshot generation tool developed by Moussaab Badla. Versions of Code Screenshot Generator MCP prior to 0.1.0 contained a vulnerability related to operating system command injection, which stemmed from HTTP interfaces allowing for OS command injections...
CVE-2026-20116
A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise Packaged CCE, Cisco Unified Contact Center Enterprise Unified CCE, Cisco Unified Contact Center Express Unified CCX, and Cisco Unified Intelligence Center could allow an unauthenticate...
SHARP routers missing authentication for some web APIs
Overview SHARP routers do not perform authentication for some web APIs. Those web APIs provide device information, and the initial administrative password is based on a part of the device information. Missing authentication for critical function CWE-306 - CVE-2026-32326 Shota Zaizen reported this...
EUVD-2026-15194
SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...
CVE-2026-32326
SHARP routers are affected by CVE-2026-32326 due to missing authentication for some web APIs, enabling retrieval of device information without authentication. The impact could be severe if the administrative password is left as the initial default, potentially allowing takeover of the device. The...
CVE-2026-32326
SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...
EUVD-2026-11221
A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise Packaged CCE, Cisco Unified Contact Center Enterprise Unified CCE, Cisco Unified Contact Center Express Unified CCX, and Cisco Unified Intelligence Center could allow an unauthenticate...
CVE-2026-20116
A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise Packaged CCE, Cisco Unified Contact Center Enterprise Unified CCE, Cisco Unified Contact Center Express Unified CCX, and Cisco Unified Intelligence Center could allow an unauthenticate...
CVE-2026-20116 Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities
A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise Packaged CCE, Cisco Unified Contact Center Enterprise Unified CCE, Cisco Unified Contact Center Express Unified CCX, and Cisco Unified Intelligence Center could allow an unauthenticate...