Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
8.3 HIGH
CVE-2026-57268 — GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates…

Remote | Memory Corruption
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.3 HIGH
CVE-2026-57267 — GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates…

Remote | Memory Corruption
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.3 HIGH
CVE-2026-57266 — GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates…

Remote | Memory Corruption
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.3 HIGH
CVE-2026-57265 — GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates…

Remote | Memory Corruption
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.3 HIGH
CVE-2026-57264 — GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates…

Remote | Memory Corruption
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.3 HIGH
CVE-2026-13132 — GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates…

Remote | Memory Corruption
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.3 HIGH
CVE-2026-13131 — GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates…

Remote | Memory Corruption
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.8 HIGH
CVE-2026-13125 — GeoVision GeoWebPlayer 1.1.1.0 Websocket Server function vulnerability

GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates…

Remote | Authentication
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.7 HIGH
CVE-2026-55794 — Craft CMS: Potential authenticated Remote Code Execution via referrer redirect

Craft CMS is a content management system (CMS). In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referr…

craft_cms | Remote | Injection
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
6.0 MEDIUM
CVE-2026-55792 — Craft CMS: Sensitive File Disclosure / Server-Side File Read

Craft CMS is a content management system (CMS). In versions starting from 4.0.0-RC1 and prior to 4.18.0, and 5.0.0-RC1 and above, prior to 5.10.0, the dataUrl() Twig function is included in Craft’s T…

craft_cms | Remote | Information Disclosure
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
6.9 MEDIUM
CVE-2026-55791 — Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in act…

Craft CMS is a content management system (CMS). Versions 4.0.0-RC1 and above, prior to 4.18.0 and 5.0.0-RC1, and above, prior to 5.10.0, are vulnerable to Server-Side Request Forgery (SSRF) and Arbit…

craft_cms | Remote | Server-Side Request Forgery
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
6.0 MEDIUM
CVE-2026-50280 — Craft CMS: Authorization bypass in `entries/move-to-section` via missing target-section s…

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 and above prior to 5.9.21, the EntriesController::actionMoveToSection() endpoint gates the destination section only by viewEntrie…

craft_cms | Remote | Authorization
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.6 HIGH
CVE-2026-50279 — Craft CMS: Authorship spoofing in `entries/save-entry` via pre-check/post-mutation author…

Craft CMS is a content management system (CMS). IN versions 5.0.0-RC1 and above prior to 5.9.21, theEntriesController::actionSaveEntry() performs entry-edit permission checks before request-controlle…

craft_cms | Remote | Authorization
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.4 HIGH
CVE-2026-55790 — Craft CMS: DOM XSS via GitHub issue title in CraftSupport widget

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can plant a JavaScript payload in a craftcms…

craft_cms | Remote | Cross-Site Scripting
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
7.1 HIGH
CVE-2026-50284 — Craft CMS: Missing peer-permission check in `AssetsController::actionDeleteFolder` allows…

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.21 and 4.0.0-RC1 through 4.17.14, theAssetsController::actionDeleteFolder() only requires the deleteAssets:<volume-ui…

craft_cms | Remote | Authorization
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
5.3 MEDIUM
CVE-2026-50283 — Craft CMS: Unauthorized Deletion of Source Assets During File Replacement

Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in the AssetsController::actionReplaceFile that can del…

craft_cms | Remote | Authorization
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
8.3 HIGH
CVE-2026-14429 — Skia Sandbox Escape

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape v…

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
8.3 HIGH
CVE-2026-14428 — Google Chrome Dawn Sandbox Escape

Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandb…

android chrome chrome | Remote | Information Disclosure
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
8.3 HIGH
CVE-2026-14427 — Google Chrome Skia Heap Buffer Overflow Sandbox Escape

Heap buffer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page…

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
9.6 CRITICAL
CVE-2026-14425 — ANGLE Use-After-Free Sandbox Escape

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

chrome chrome | Remote | Memory Corruption
Jul 01, 2026 Jul 02, 2026
Jul 01, 2026
Jul 02, 2026
Showing 20 of 7970 Results