|
2711
|
7.5 |
HIGH
Network
|
geovision
|
gv-lpc2011_firmware
gv-lpc2211_firmware
|
A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. …
|
CWE-341
Predictable from Observable State
|
CVE-2026-42365
|
2026-05-5 11:44 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2712
|
6.1 |
MEDIUM
Network
|
geovision
|
gv-lpc2011_firmware
gv-lpc2211_firmware
|
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an ar…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42366
|
2026-05-5 11:43 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2713
|
9.9 |
CRITICAL
Network
|
geovision
|
gv-lpc2011_firmware
gv-lpc2211_firmware
|
A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attack…
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-42368
|
2026-05-5 11:43 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2714
|
9.8 |
CRITICAL
Network
|
geovision
|
gv-vms_firmware
|
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker ca…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-42370
|
2026-05-5 11:42 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2715
|
9.3 |
CRITICAL
Network
|
geovision
|
gv-ip_device_utility
|
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An att…
|
CWE-656
Reliance on Security Through Obscurity
|
CVE-2026-7161
|
2026-05-5 11:39 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2716
|
6.1 |
MEDIUM
Network
|
geovision
|
gv-lpc2011_firmware
gv-lpc2211_firmware
|
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an ar…
|
CWE-79
Cross-site Scripting
|
CVE-2026-7371
|
2026-05-5 11:39 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2717
|
9.0 |
CRITICAL
Network
|
geovision
|
gv-vms_firmware
|
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker ca…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-7372
|
2026-05-5 11:38 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2718
|
7.5 |
HIGH
Network
|
apache
|
http_server
|
A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav o…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-29169
|
2026-05-5 11:36 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2719
|
6.5 |
MEDIUM
Network
|
absolute
|
secure_access
|
CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access
server prior to 14.50. Attackers with control of a modified client can
send a specially crafted message to the server and caus…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-40950
|
2026-05-5 11:32 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2720
|
4.4 |
MEDIUM
Local
|
absolute
|
secure_access
|
CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access
Windows client prior to 14.50. Attackers with local control of the
Windows client can use it to trigger a denial of service.
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-40949
|
2026-05-5 11:32 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
