Lucene search
K

216 matches found

NVD
NVD
added 2026/07/02 4:17 a.m.6 views

CVE-2026-57271

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS0.00235EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 2:21 a.m.11 views

EUVD-2026-41233

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.7AI score0.00235EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 2:14 a.m.9 views

EUVD-2026-41241

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.8CVSS5.7AI score0.00227EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-54875

Name of the Vulnerable Software and Affected Versions GeoWebPlayer affected versions not specified Description GeoWebPlayer, also known as Web Plugin in GV-VMS documentation and WS Player for VMS-Cloud, is an addon for GeoVision software that establishes a websocket server to enhance web-interfac...

8.3CVSS6AI score0.0022EPSS
Exploits0References7
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.141 views

Buffalo WSR-2533DHPL2 - Path Traversal

Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 are susceptible to a path traversal vulnerability that could allow unauthenticated remote attackers to bypass authentication in their web interfaces. id: CVE-2021-20090 info: name: Buffalo WSR-2533DHPL2 - Path...

9.8CVSS8.3AI score0.99983EPSS
Exploits5References5
EUVD
EUVD
added 2026/05/12 9:31 p.m.12 views

EUVD-2026-29821

A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbitrary files on the underlying filesystem of the affected device...

7.2CVSS6AI score0.00815EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.15 views

PT-2026-40363

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a...

7.2CVSS6.5AI score0.01014EPSS
Exploits0References2
NCSC
NCSC
added 2026/05/08 1:8 p.m.9 views

vulnerabilities found in Cisco Unity Connection

Cisco has addressed several vulnerabilities in Cisco Unity Connection. These vulnerabilities reside in the web management interface and the Web Inbox web interface of Cisco Unity Connection. Authorized attackers with valid login credentials can execute arbitrary code with root privileges, thereby...

8.8CVSS6.2AI score0.00712EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.6 views

Fedora 42 : composer (2026-d91f313a63)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d91f313a63 advisory. Version 2.9.7 - 2026-04-14 Fixes regression calling custom script command aliases that are called a substring of a composer command 12802 ---- Versi...

8.8CVSS6.1AI score0.01688EPSS
Exploits4References3
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.9 views

glances 安全漏洞

Glances is a system monitoring tool developed by Nicolas Hennion. Versions of Glances prior to 4.5.4 contained security vulnerabilities. These vulnerabilities stemmed from unvalidated REST APIs that allowed cross-domain requests, potentially allowing malicious websites to access sensitive system...

8.7CVSS5.8AI score0.00408EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2026/04/17 12:0 a.m.4 views

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) and the Cisco ISE Passive Identity Connector (ISE-PIC), a virtual device for collecting user authentication data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Cisco Identity Services Engine ISE web interface and the Cisco ISE Passive Identity Connector ISE-PIC virtual authentication data collection device is related to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability...

6.8CVSS6.3AI score0.06919EPSS
Exploits0References2Affected Software2
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.8 views

Code Screenshot Generator MCP 操作系统命令注入漏洞

Code Screenshot Generator MCP is a code screenshot generation tool developed by Moussaab Badla. Versions of Code Screenshot Generator MCP prior to 0.1.0 contained a vulnerability related to operating system command injection, which stemmed from HTTP interfaces allowing for OS command injections...

6.5CVSS6.7AI score0.01455EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.3 views

CVE-2026-20116

A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise Packaged CCE, Cisco Unified Contact Center Enterprise Unified CCE, Cisco Unified Contact Center Express Unified CCX, and Cisco Unified Intelligence Center could allow an unauthenticate...

6.1CVSS6AI score0.00207EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/03/25 9:41 a.m.11 views

SHARP routers missing authentication for some web APIs

Overview SHARP routers do not perform authentication for some web APIs. Those web APIs provide device information, and the initial administrative password is based on a part of the device information. Missing authentication for critical function CWE-306 - CVE-2026-32326 Shota Zaizen reported this...

6.9CVSS6.1AI score0.00278EPSS
Exploits0References9
EUVD
EUVD
added 2026/03/25 9:31 a.m.16 views

EUVD-2026-15194

SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...

6.9CVSS5.8AI score0.00278EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 7:38 a.m.16 views

CVE-2026-32326

SHARP routers are affected by CVE-2026-32326 due to missing authentication for some web APIs, enabling retrieval of device information without authentication. The impact could be severe if the administrative password is left as the initial default, potentially allowing takeover of the device. The...

6.9CVSS6.2AI score0.00278EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/25 7:38 a.m.1 views

CVE-2026-32326

SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, the device may be taken over...

6.9CVSS6.2AI score0.00278EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/11 6:30 p.m.4 views

EUVD-2026-11221

A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise Packaged CCE, Cisco Unified Contact Center Enterprise Unified CCE, Cisco Unified Contact Center Express Unified CCX, and Cisco Unified Intelligence Center could allow an unauthenticate...

6.1CVSS6AI score0.00207EPSS
Exploits0References2
NVD
NVD
added 2026/03/11 5:16 p.m.7 views

CVE-2026-20116

A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise Packaged CCE, Cisco Unified Contact Center Enterprise Unified CCE, Cisco Unified Contact Center Express Unified CCX, and Cisco Unified Intelligence Center could allow an unauthenticate...

6.1CVSS0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/11 4:31 p.m.30 views

CVE-2026-20116 Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities

A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise Packaged CCE, Cisco Unified Contact Center Enterprise Unified CCE, Cisco Unified Contact Center Express Unified CCX, and Cisco Unified Intelligence Center could allow an unauthenticate...

6.1CVSS0.00207EPSS
Exploits0References1
Rows per page
Query Builder