368782 matches found
CVE-2026-57271
GeoWebPlayer (GeoVision GeoWebPlayer/Web Plugin/WS Player) contains a WebSocket server component, and a discovered out-of-bounds read vulnerability affecting the pause command index, as reported in CVE-2026-57271. Connected records identify this as a WebSocket server issue within GeoVision softwa...
CVE-2026-57270
GeoWebPlayer (also called Web Plugin in GV-VMS and WS Player in VMS-Cloud) furnishes a websocket server that extends the Web interfaces of GeoVision software. The server processes commands from localhost, many of which use an index to access arrays and perform actions. The index value is not cons...
CVE-2026-57269
GeoWebPlayer (Web Plugin/WS Player) in GeoVision software exposes a websocket server where an unvalidated index can access multiple arrays out-of-bounds, leading to an out-of-bounds read. This affects the Websocket interface used by GV-VMS and GV-Cloud; CVSS 3.1 base score 8.3 (HIGH) with potenti...
CVE-2026-57268
GeoWebPlayer’s Websocket server exposes a saveVideo command where the provided index is not validated before it's used to access internal arrays and call a function pointer in CCriticalSection. This out-of-bounds access can reach the critical section and release path, potentially enabling code ex...
CVE-2026-57267
GeoWebPlayer (aka Web Plugin / WS Player) ships a websocket server that handles localhost commands. The index parameter used to access internal arrays is not consistently validated, enabling index-out-of-bounds reads in multiple arrays. This is documented as a GeoVision vulnerability (CVE-2026-57...
CVE-2026-57266
GeoWebPlayer (Websocket Server component used by GV-VMS/GV-Cloud) contains multiple index-out-of-bounds vulnerabilities in its websocket command handling, allowing an attacker-supplied index to access arrays and trigger out-of-bounds reads/writes or call out-of-bounds function pointers. Documente...
CVE-2026-57265
GeoWebPlayer (Web Plugin/WS Player) Websocket Server vulnerabilities exist in GeoVision GeoWebPlayer 1.1.1.0 where an index value from websocket commands is not consistently validated, causing out-of-bounds reads/writes and potential code execution via critical sections and function pointers. Doc...
CVE-2026-57264
GeoWebPlayer’s Websocket Server (used by GV-VMS/GV-Cloud) exposes a command interface where many commands accept an index that is not consistently validated. The Talos and CVE records describe multiple CVEs (e.g., CVE-2026-57264) across several commands (connectInfo, setStream, setPIP, audio, sna...
CVE-2026-13132
GeoWebPlayer (Web Plugin/WS Player) Websocket Server in GeoVision software contains multiple out-of-bounds read/write vulnerabilities triggered by index values in websocket commands (notably setStream). The Talos report specifies exploitable out-of-bounds reads in GeoWebPlayer version 1.1.1.0, wi...
CVE-2026-13131
GeoWebPlayer Websocket Server (GeoVision) has a concrete out-of-bounds read vulnerability in the connectInfo command (index not range-checked), enabling out-of-bounds access to viewer IPCams and potential code execution. Reported for GeoWebPlayer 1.1.1.0; CVSSv3.1 score 8.3 (NETWORK, HIGH impact)...
CVE-2026-13125
GeoWebPlayer (GeoVision addon, also called Web Plugin/WS Player) exposes a websocket server with no authentication. Vulnerable component: GeoWebPlayer version 1.1.1.0. Root cause: missing authentication for critical websocket operations, enabling a malicious page to open a connection and issue pr...
CVE-2026-55493
Technical details for CVE-2026-55493 are not publicly available in the provided documents. No affected products, impacts, or fixes can be determined. Monitor for updates.
CVE-2026-54706
Technical details for CVE-2026-54706 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-55769
Technical details for CVE-2026-55769 are not publicly available in the provided documents. Monitor for updates to see if a concrete description, affected products, or remediation are released.
CVE-2026-55765
Technical details are not publicly available in the provided documents for CVE-2026-55765. No affected product, component, root cause, impact, or remediation is specified. Monitor for updates.
CVE-2026-54707
Technical details for CVE-2026-54707 are not publicly available in the provided documents. No affected products, root cause, or remediation are disclosed. Monitor for updates.
CVE-2026-49353
9router is affected by an incomplete fix from CVE-2026-46339. The vulnerability arises because the local-only access gate in src/dashboardGuard.js uses HTTP headers (Host and Origin) to determine locality rather than TCP source, making it bypassable when deployed behind reverse proxies or in DNS-...
CVE-2026-49352
The connected document reveals a concrete vulnerability in 9router: a publicly known hardcoded fallback JWT secret, "9router-default-secret-change-me", is used when JWT_SECRET is not set. This secret is committed in the public repository and unchanged across releases, enabling any unauthenticated...
CVE-2026-52189
CVE-2026-52189 describes a buffer overflow in the UTT nv518G nv518GV3v3.2.7-210919-161313 stack/heap handling within the gohead/sub_487330 component. The issue allows a remote attacker to trigger a denial of service. Documented details are limited to the affected product/version and component nam...
CVE-2026-38972
Notepad3 versions up to 6.25.822.1 are vulnerable to a DLL search-order hijack in the About-dialog code path (src/Notepad3.c). The application loads MSFTEDIT.DLL via LoadLibrary with a bare DLL name, enabling a local attacker to place a malicious MSFTEDIT.DLL in the application directory or anoth...