368753 matches found
CVE-2026-13125
GeoWebPlayer (GeoVision addon, also called Web Plugin/WS Player) exposes a websocket server with no authentication. Vulnerable component: GeoWebPlayer version 1.1.1.0. Root cause: missing authentication for critical websocket operations, enabling a malicious page to open a connection and issue pr...
CVE-2026-55493
Technical details for CVE-2026-55493 are not publicly available in the provided documents. No affected products, impacts, or fixes can be determined. Monitor for updates.
CVE-2026-54706
Technical details for CVE-2026-54706 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-55769
Technical details for CVE-2026-55769 are not publicly available in the provided documents. Monitor for updates to see if a concrete description, affected products, or remediation are released.
CVE-2026-55765
Technical details are not publicly available in the provided documents for CVE-2026-55765. No affected product, component, root cause, impact, or remediation is specified. Monitor for updates.
CVE-2026-54707
Technical details for CVE-2026-54707 are not publicly available in the provided documents. No affected products, root cause, or remediation are disclosed. Monitor for updates.
CVE-2026-49353
9router is affected by an incomplete fix from CVE-2026-46339. The vulnerability arises because the local-only access gate in src/dashboardGuard.js uses HTTP headers (Host and Origin) to determine locality rather than TCP source, making it bypassable when deployed behind reverse proxies or in DNS-...
CVE-2026-49352
The connected document reveals a concrete vulnerability in 9router: a publicly known hardcoded fallback JWT secret, "9router-default-secret-change-me", is used when JWT_SECRET is not set. This secret is committed in the public repository and unchanged across releases, enabling any unauthenticated...
CVE-2026-38968
ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding...
CVE-2026-38971
ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCSMAVLink/GCSserialcontrol.cpp in GCSMAVLINK::handleserialcontrol...
CVE-2026-52189
CVE-2026-52189 describes a buffer overflow in the UTT nv518G nv518GV3v3.2.7-210919-161313 stack/heap handling within the gohead/sub_487330 component. The issue allows a remote attacker to trigger a denial of service. Documented details are limited to the affected product/version and component nam...
CVE-2026-38969
CVE-2026-38969 affects WEBrick (Ruby) up to v1.9.2. The flaw arises when WEBrick re-parses the trailer Content-Length, placing it into the canonical request state and enabling request smuggling. Documented impact includes potential bypass of security controls and information injection if exposed ...
CVE-2026-38972
Notepad3 versions up to 6.25.822.1 are vulnerable to a DLL search-order hijack in the About-dialog code path (src/Notepad3.c). The application loads MSFTEDIT.DLL via LoadLibrary with a bare DLL name, enabling a local attacker to place a malicious MSFTEDIT.DLL in the application directory or anoth...
CVE-2026-52188
CVE-2026-52188 is a Buffer Overflow in UTT nv518G nv518GV3v3.2.7-210919-161313 affecting the gohead//sub_497498 component. Reported impact is remote denial of service (availability impact) with CVSS 3.1 base score 6.5 (Medium). Connected sources indicate a PoC exists and a potential partial techn...
CVE-2026-52191
CVE-2026-52191 is a Buffer Overflow in the UTT nv518G nv518GV3v3.2.7-210919-161313, affecting the gohead/sub_444C8C component. The vulnerability enables a remote attacker to cause a denial of service. The provided documents do not specify a patch or remediation; no exploit details are described. ...
CVE-2026-52187
Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub483ba0 component...
CVE-2026-38970
The provided data confirms a concrete vulnerability in pdfcpu
CVE-2026-52192
CVE-2026-52192 concerns an issue in UTT nv518G/nv518GV3v3.2.7-210919-161313 where a remote attacker can cause a denial of service via the gohead/sub_445C5C component. The primary available details identify the affected product family and the vulnerable component, with the CVSS v3.1 vector indicat...
CVE-2026-50280
Craft CMS contains an authorization bypass in the entries/move-to-section endpoint (EntriesController::actionMoveToSection). In versions 5.0.0-RC1 through below 5.9.21, destination section gate relies only on viewEntries:$section->uid instead of requiring saveEntries permission; source entry p...
CVE-2026-50279
Craft CMS (versions 5.0.0-RC1 through 5.9.20) contains an authorization gap in EntriesController::actionSaveEntry where entry-edit checks precede author changes. The code path allows attacker-supplied authors to mutate the authors list when the current user is among the old authors, without re-ru...