|
111
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker …
New
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-42367
|
2026-05-5 00:21 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
112
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attack…
New
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-42368
|
2026-05-5 00:21 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
113
|
9.0 |
CRITICAL
Network
|
-
|
-
|
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker ca…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-42370
|
2026-05-5 00:21 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
114
|
7.4 |
HIGH
Network
|
-
|
-
|
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an ar…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-7371
|
2026-05-5 00:21 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
115
|
10.0 |
CRITICAL
Network
|
-
|
-
|
GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other security devices. It is a native application accessed locally, but it is also possible…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-42369
|
2026-05-5 00:21 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
116
|
9.3 |
CRITICAL
Network
|
-
|
-
|
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An att…
New
|
CWE-656
Reliance on Security Through Obscurity
|
CVE-2026-7161
|
2026-05-5 00:21 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
117
|
9.0 |
CRITICAL
Network
|
-
|
-
|
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker ca…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-7372
|
2026-05-5 00:21 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
118
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql inje…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7670
|
2026-05-5 00:19 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
119
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in youlaitech youlai-boot up to 2.21.1. This affects the function getUserList of the file src/main/java/com/youlai/boot/system/controller/UserController.jav…
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7672
|
2026-05-5 00:19 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
120
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in crmeb_java up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java of t…
New
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7673
|
2026-05-5 00:19 |
2026-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
