|
1001
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to t…
New
|
CWE-256
Plaintext Storage of a Password
|
CVE-2026-57302
|
2026-06-25 23:02 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1002
|
4.2 |
MEDIUM
Network
|
-
|
-
|
A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-57306
|
2026-06-25 23:02 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1003
|
4.2 |
MEDIUM
Network
|
-
|
-
|
A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-spe…
New
|
CWE-862
Missing Authorization
|
CVE-2026-57307
|
2026-06-25 23:02 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1004
|
6.2 |
MEDIUM
Network
|
-
|
-
|
A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2.
A specially crafted network request can lead to a denial of service. An attacker can imperson…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-12488
|
2026-06-25 23:02 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1005
|
10.0 |
CRITICAL
Network
|
-
|
-
|
GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485.
DVRSearch is a service running by default on the IOBox listening for UDP me…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-12485
|
2026-06-25 23:02 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1006
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker…
New
|
CWE-78
OS Command
|
CVE-2026-12486
|
2026-06-25 23:02 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1007
|
10.0 |
CRITICAL
Network
|
-
|
-
|
GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485.
DVRSearch is a service running by default on the IOBox listening for UDP me…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-12846
|
2026-06-25 23:02 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1008
|
10.0 |
CRITICAL
Network
|
-
|
-
|
GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485.
DVRSearch is a service running by default on the IOBox listening for UDP me…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-12847
|
2026-06-25 23:02 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1009
|
10.0 |
CRITICAL
Network
|
-
|
-
|
GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485.
DVRSearch is a service running by default on the IOBox listening for UDP me…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-12848
|
2026-06-25 23:02 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1010
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker…
New
|
CWE-78
OS Command
|
CVE-2026-12849
|
2026-06-25 23:02 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
