Export limit exceeded: 363161 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363161 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363161 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-57264 | 1 Geovision Inc. | 1 Geowebplayer | 2026-07-02 | 8.3 High |
| GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. The Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound. #### setPIP command index-out-of-bound | ||||
| CVE-2026-13132 | 1 Geovision Inc. | 1 Geowebplayer | 2026-07-02 | 8.3 High |
| GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. The Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound. #### setStream command index-out-of-bound | ||||
| CVE-2026-13131 | 1 Geovision Inc. | 1 Geowebplayer | 2026-07-02 | 8.3 High |
| GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. The Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound. #### connectInfo command index-out-of-bound | ||||
| CVE-2026-33592 | 2026-07-02 | 7.5 High | ||
| An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string (up to ~3.9 GB) delivered across intermediate chunks without ever sending the final chunk. The server buffers all chunks in RAM indefinitely until the SecureChannel times out. The attack is pre-session and bypasses all encryption configuration. The issue affects open62541: from 1.4.0 through 1.4.16, from 1.5.0 through 1.5.4, master. | ||||
| CVE-2026-13125 | 1 Geovision Inc. | 1 Geowebplayer | 2026-07-02 | 8.8 High |
| GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. In order to access the websocket server, no authentication is required. As such, any malicious website can attempt to open a connection to the server and potentially access sensitive APIs. In particular, it's possible to call a combination of the `create` method and `getScreenCapture` to retrieve the content of the user's screen. | ||||
| CVE-2026-57345 | 2026-07-02 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Internal Links Manager <= 3.0.3 versions. | ||||
| CVE-2025-69134 | 2026-07-02 | 7.5 High | ||
| Unauthenticated Arbitrary Content Deletion in OpenAI Chatbot for WordPress – Helper <= 1.1.4 versions. | ||||
| CVE-2026-27060 | 2026-07-02 | 8.8 High | ||
| Contributor PHP Object Injection in ARMember Premium <= 7.0 versions. | ||||
| CVE-2026-39448 | 2026-07-02 | 7.5 High | ||
| Unauthenticated Broken Access Control in NOWPayments for WooCommerce <= 1.4.0 versions. | ||||
| CVE-2026-57352 | 2026-07-02 | 4.8 Medium | ||
| Unauthenticated Broken Authentication in ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce <= 2.2.0 versions. | ||||
| CVE-2026-57358 | 2026-07-02 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Customize My Account for WooCommerce <= 4.3.9 versions. | ||||
| CVE-2026-57426 | 2026-07-02 | 7.1 High | ||
| Unauthenticated Cross Site Scripting (XSS) in Modula - PRO <= 2.10.8 versions. | ||||
| CVE-2026-57677 | 2026-07-02 | 9.8 Critical | ||
| Unauthenticated PHP Object Injection in Novalnet Payment Gateway for WooCommerce <= 12.10.3 versions. | ||||
| CVE-2026-57684 | 2026-07-02 | 6.5 Medium | ||
| Contributor Cross Site Scripting (XSS) in TheFox <= 3.9.70 versions. | ||||
| CVE-2026-57690 | 2026-07-02 | 4.3 Medium | ||
| Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt <= 4.7.2 versions. | ||||
| CVE-2026-57749 | 2026-07-02 | 7.5 High | ||
| Contributor Local File Inclusion in SportsPress Pro <= 2.7.29 versions. | ||||
| CVE-2026-32280 | 2 Go Standard Library, Golang | 2 Crypto/x509, Go | 2026-07-02 | 7.5 High |
| During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls. | ||||
| CVE-2026-57755 | 2026-07-02 | 6.5 Medium | ||
| Contributor Cross Site Scripting (XSS) in Mosaic Gallery – Advanced Gallery <= 1.2.0 versions. | ||||
| CVE-2026-37106 | 1 Dokuwiki | 1 Dokuwiki | 2026-07-02 | 9.8 Critical |
| An issue in DokuWiki 2025-05-14b "Librarian" 56.2 allows a remote attacker to create an account via the register function in inc/auth.php. NOTE: this is disputed by the Supplier because this is the intentional behavior when the product is configured for self-registration (a non-default feature). | ||||
| CVE-2026-57762 | 2026-07-02 | 5.9 Medium | ||
| Author Cross Site Scripting (XSS) in Simple URLs <= 151 versions. | ||||