CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
The GeoWebPlayer (Web Plugin/WS Player) addon for GeoVision software (GV-VMS, GV-Cloud) contains an out-of-bounds array access vulnerability in the 2wayAudio command. The WebSocket server accepts commands from localhost, and the 'index' value is not validated, allowing access to memory beyond the intended range.
GeoWebPlayer (also known as Web Plugin or WS Player) is an addon for GeoVision software (GV-VMS, GV-Cloud) that creates a WebSocket server. Many commands accept an `index` parameter that is not validated for range, allowing out-of-bounds array access.
A vulnerability in GeoWebPlayer (Web Plugin) allows out-of-bounds array access via the setPIP command, where the 'index' value is not validated for proper range. This can lead to uncontrolled memory read or write.
A vulnerability in GeoWebPlayer (Web Plugin) allows out-of-bounds array access via the setStream command. Missing index validation lets an attacker from localhost perform operations on unintended memory areas.
A vulnerability in GeoWebPlayer (Web Plugin) allows out-of-bounds array access via an uncontrolled 'index' parameter in the connectInfo command. Lack of index range validation enables an attacker from localhost to trigger unintended actions.
GeoWebPlayer (also called Web Plugin or WS Player) is an addon for GeoVision software (GV-VMS, GV-Cloud) that runs a WebSocket server without requiring authentication. A malicious website can connect to this server and invoke the `create` and `getScreenCapture` methods to capture the user's screen content.
Craft CMS versions 5.9.0 through 5.10.0 contain a vulnerability where control panel users with entry editing permissions can execute unsandboxed Twig code via the HTTP Referrer header, leading to authenticated remote code execution (RCE). The issue occurs when saving entries, as the signed redirect URL string is compiled as a Twig template without sandboxing.
A vulnerability in Craft CMS allows users with system email template editing permissions to read server files, including the .env file containing passwords and API keys. An attacker can escalate to full admin account takeover by forging session tokens.
Craft CMS versions 4.0.0-RC1 through 4.18.0 and 5.0.0-RC1 through 5.10.0 are vulnerable to SSRF and arbitrary JavaScript injection via the /actions/app/resource-js endpoint. An attacker can poison the Host or X-Forwarded-Host header to bypass URL validation and force the Guzzle client to fetch a malicious payload from an external server.
In Craft CMS versions 5.0.0-RC1 through 5.9.20, a vulnerability exists due to improper authorization in the EntriesController::actionMoveToSection() endpoint. An authenticated low-privileged user can move an entry to a section where they have only read access without the required write permissions, breaking the section-level authorization model.
In Craft CMS versions 5.0.0-RC1 through 5.9.20, a vulnerability allows bypassing permission checks when saving entries. A low-privileged user can change the author of an entry to another user without the required permissions, leading to authorship spoofing.
In Craft CMS versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can inject a JavaScript payload into a craftcms/cms issue title. When a Craft admin uses the CraftSupport widget's 'Give feedback' screen and searches for a term that returns the poisoned issue, the payload executes in the admin's control panel session.
In Craft CMS versions 5.0.0-RC1 through 5.9.21 and 4.0.0-RC1 through 4.17.14, the folder deletion function does not enforce peer asset deletion permissions. A low-privilege user can delete folders and all contained assets, including those uploaded by other users.
Craft CMS has an authorization issue in AssetsController::actionReplaceFile that allows an authenticated user to delete a source asset without source delete permission. Affected versions are 5.0.0-RC1 through 5.9.20 and 4.0.0-RC1 through 4.17.13.
A vulnerability in Cloudflare Universal SSL allows bypassing strict CAA records with accounturi or validationmethods parameters (RFC 8657) during TLS certificate issuance. The auto-managed CAA RRset overrides customer configuration, potentially enabling an attacker to obtain a trusted certificate for the victim's domain.
A path traversal vulnerability in the Git Service component of Altium Enterprise Server and Altium 365 allows an authenticated user with basic git access to move arbitrary files outside the intended repository area. This can lead to remote code execution under the Git Service account by placing attacker-controlled scripts into directories executed by the service.
A use-after-free vulnerability was found in the V8 engine of Google Chrome prior to version 150.0.7871.46. A remote attacker can exploit a crafted HTML page to execute arbitrary code within the sandbox environment.
A type confusion vulnerability in the V8 engine of Google Chrome prior to version 150.0.7871.46 allows a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. The issue is rated as high severity.
An integer overflow in the V8 JavaScript engine in Google Chrome prior to version 150.0.7871.46 allows a remote attacker to execute arbitrary code within the sandbox by crafting a malicious HTML page.
Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

