
Overview

  • GeoVision Inc.
  • GV-VMS V20.0.2

04 May 2026
Published
04 May 2026
Updated

CVSS v3.1
CRITICAL (9.0)
EPSS
Pending

KEV

Description

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse


🚨 CRITICAL: CVE-2026-42370 affects GeoVision GV-VMS V20.0.2. Stack overflow in WebCam Server Login allows unauthenticated remote code execution via crafted HTTP requests. Patch urgently! radar.offseq.com/threat/cve-20

4h ago

Overview

  • Edimax
  • BR-6428nC

03 May 2026
Published
03 May 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.04%

KEV

Description

A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse


🛡️ Buffer overflow (CVE-2026-7684, HIGH) in Edimax BR-6428nC (1.0 – 1.16) via /goform/setWAN. Public exploit exists. No patch from vendor. Mitigate by restricting remote access or replacing device. radar.offseq.com/threat/cve-20

21h ago

Overview

  • Dell
  • AppSync

21 Apr 2022
Published
16 Sep 2024
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.67%

KEV

Description

Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vulnerability in AppSync server. A remote unauthenticated attacker may potentially exploit this vulnerability to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.

Statistics

  • 1 Post

Last activity: 8 hours ago

Bluesky

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an actively exploited vulnerability in a popular Linux web application. The vulnerability, identified as CVE-2022-24424, affects Exim Mail Transfer Agent version 4.91.11 and older.
8h ago

Overview

  • InternLM
  • lmdeploy

20 Apr 2026
Published
21 Apr 2026
Updated

CVSS v3.1
HIGH (7.5)
EPSS
2.92%

KEV

Description

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without validating internal/private IP addresses, allowing attackers to access cloud metadata services, internal networks, and sensitive resources. Version 0.12.3 patches the issue.

Statistics

  • 1 Post

Last activity: 20 hours ago

Bluesky

AI INFRA UNDER FIRE: CVE-2026-33626 SSRF Exploited in the Wild Within 13 Hours—Is Your LLM Inference Engine the Next Target? + Video Introduction The integration of vision-language models into production workflows has introduced a dangerous Server-Side Request Forgery (SSRF) vulnerability in…
20h ago

Overview

  • Red Hat
  • Red Hat Enterprise Linux 10
  • binutils

22 Apr 2026
Published
23 Apr 2026
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable.

Statistics

  • 1 Post

Last activity: 14 hours ago

Bluesky

Fedora sysadmins: A code execution flaw (CVE-2026-6846) affects the Insight debugger. Read more-> tinyurl.com/yeymucyb #Fedora #Security
14h ago

Overview

  • FreeBSD
  • FreeBSD

26 Mar 2026
Published
02 Apr 2026
Updated

CVSS
Pending
EPSS
0.09%

KEV

Description

Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow. Notably, this does not require the client to authenticate itself first. As kgssapi.ko's RPCSEC_GSS implementation is vulnerable, remote code execution in the kernel is possible by an authenticated user that is able to send packets to the kernel's NFS server while kgssapi.ko is loaded into the kernel. In userspace, applications which have librpcgss_sec loaded and run an RPC server are vulnerable to remote code execution from any client able to send it packets. We are not aware of any such applications in the FreeBSD base system.

Statistics

  • 1 Post

Last activity: 12 hours ago

Bluesky

📢 CVE-2026-4747: CHERI neutralises a stack buffer overflow in FreeBSD discovered by an LLM 📝 📅 **Source and context**: Article published 28 April 2026… https://cyberveille.ch/posts/2026-05-03-cve-2026-4747-cheri-neutralise-un-stack-buffer-overflow-dans-freebsd-decouvert-par-llm/ #CHERI #Cyberveille
12h ago

Overview

  • ruby
  • erb

24 Apr 2026
Published
25 Apr 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.11%

KEV

Description

ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is reconstructed via `Marshal.load` (deserialization). However, three other public methods that also evaluate `@src` via `eval()` were not given the same guard: `ERB#def_method`, `ERB#def_module`, and `ERB#def_class`. An attacker who can trigger `Marshal.load` on untrusted data in a Ruby application that has `erb` loaded can use `ERB#def_module` (zero-arg, default parameters) as a code execution sink, bypassing the `@_init` protection entirely. ERB 4.0.3.1, 4.0.4.1, 6.0.1.1, and 6.0.4 patch the issue.

Statistics

  • 1 Post

Last activity: 14 hours ago

Fediverse


Ruby 4.0.3 shipped with a single change: CVE-2026-41316 in ERB. Code injection via untrusted template input. Most Rails shops are still on 3.4 while the 4.0 series gets bimonthly patches. 3.2 went EOL in March. - ruby-lang.org/en/news/2026/04/

14h ago

Overview

  • GeoVision Inc.
  • GV-VMS V20.0.2

04 May 2026
Published
04 May 2026
Updated

CVSS v3.1
CRITICAL (9.0)
EPSS
Pending

KEV

Description

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Stack overflow via unconstrained sscanf

The call to `sscanf` at [1] that splits the `Buffer` variable into the `username` and `password` variables does not limit the size of the extracted content to match the destination buffers' sizes. If either the username or password decoded from the authorization string exceeds 40 characters (the size of the stack variables `username` and `password`), a stack overflow will occur. The data is attacker-controlled, but stronger constraints (e.g. no null bytes) may make exploitation harder. A successful attack could lead to full code execution as SYSTEM on the machine running the service.

Statistics

  • 1 Post

Last activity: 1 hour ago

Fediverse


🚨 CRITICAL: CVE-2026-7372 in GeoVision GV-VMS V20.0.2 — unauthenticated stack overflow in WebCam Login enables SYSTEM-level RCE. No fix yet — restrict access and monitor for updates. radar.offseq.com/threat/cve-20

1h ago

Overview

  • GitHub
  • Enterprise Server

10 Mar 2026
Published
29 Apr 2026
Updated

CVSS v4.0
HIGH (8.7)
EPSS
0.30%

KEV

Description

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an attacker with push access to a repository to achieve remote code execution on the instance. During a git push operation, user-supplied push option values were not properly sanitized before being included in internal service headers. Because the internal header format used a delimiter character that could also appear in user input, an attacker could inject additional metadata fields through crafted push option values. This vulnerability was reported via the GitHub Bug Bounty program and has been fixed in GitHub Enterprise Server versions 3.14.25, 3.15.20, 3.16.16, 3.17.13, 3.18.7 and 3.19.4.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

The latest update for #CyCognito includes "Emerging Threat: (CVE-2026-41940) cPanel & WHM Authentication Bypass via CRLF Injection" and "Emerging Threat: (CVE-2026-3854) #GitHub Enterprise Server RCE via Git Push Injection". #cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X
2h ago