
Overview

  • GeoVision Inc.
  • GV-IP Device Utility

Published: 26 Apr 2026
Updated: 26 Apr 2026

CVSS v3.1: CRITICAL (9.3)
EPSS: Pending

KEV

Description

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to a credential leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with various GeoVision devices on the network, the utility may send privileged commands; in order to do so, the username and password of the device need to be provided. In some instances the command is broadcast over UDP and the username/password are encrypted using a cryptographic protocol that appears to be derived from Blowfish. However, the symmetric key used for the encryption is also included in the packet, and thus the security of the username/password relies only on the "obscurity" of the encryption scheme. An attacker on the same LAN can listen to the broadcast traffic once an admin user interacts with the device, and decrypt the credentials using their own implementation of the algorithm. With this password the attacker would have full control over the device configuration, allowing them to change its IP address or even reset it to factory default.

Statistics

  • 1 Post

Last activity: 10 hours ago

Fediverse


🚨CRITICAL: CVE-2026-42363 in GeoVision GV-IP Device Utility 9.0.5 exposes admin creds via UDP broadcast with weak encryption. Attackers on LAN can take full control. Limit access, avoid untrusted networks, and watch for patches. radar.offseq.com/threat/cve-20


Overview

  • Cisco
  • Cisco Secure Firewall Adaptive Security Appliance (ASA) Software

Published: 25 Sep 2025
Updated: 26 Feb 2026

CVSS v3.1: CRITICAL (9.9)
EPSS: 41.43%

Description

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

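What is the Cisco ASA vulnerability (CVE-2025-20333)? A thorough explanation of the risks that remain even after patching. A serious vulnerability has been confirmed in "Cisco Secure Firewall ASA", a firewall product that protects the networks of enterprises and government agencies. Cases have been reported in which attacks continue even after the fix is applied, creating a situation that a simple software update cannot fully address. This article explains, in a way that is easy to follow even for non-engineers, everything from an overview of the Cisco ASA vulnerability to the specific attack techniques and the countermeasures to check. What is Cisco ASA? First, let's cover the product basics. Cisco…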

Overview

  • PowerDNS
  • Authoritative
  • pdns

Published: 22 Apr 2026
Updated: 22 Apr 2026

CVSS v3.1: MEDIUM (5.3)
EPSS: 0.01%

KEV

Description

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

Statistics

  • 1 Post

Last activity: 5 hours ago

Bluesky

Vulnerability information for PowerDNS Authoritative Server has been published (CVE-2026-33257 and 5 others) https://jprs.jp/tech/security/2026-04-27-powerdns-auth.html

Overview

  • Google
  • Chrome

Published: 23 Apr 2026
Updated: 24 Apr 2026

CVSS: Pending
EPSS: 0.08%

KEV

Description

Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

[Vulnerability information] CVE-2026-6920: About a vulnerability in Google Chrome. An out-of-bounds read vulnerability exists in the GPU in versions of Google Chrome for Android prior to 147.0.7727.117.

Overview

  • Tenda
  • F456

Published: 27 Apr 2026
Updated: 27 Apr 2026

CVSS v4.0: HIGH (8.7)
EPSS: Pending

KEV

Description

A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the argument Go can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.

Statistics

  • 1 Post

Last activity: 7 hours ago

Fediverse


⚠️ CVE-2026-7082: HIGH severity buffer overflow in Tenda F456 v1.0.0.5 (formWrlExtraSet in httpd). Attack is remote and exploit is public. Audit exposure & restrict remote mgmt ASAP. radar.offseq.com/threat/cve-20
