{"vulnerability": "cve-2026-4236", "sightings": [{"uuid": "30ba66d9-2283-4eb0-b4f2-56e50f060e2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42363", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mkgwbpe4oe23", "content": "", "creation_timestamp": "2026-04-27T01:30:30.910680Z"}, {"uuid": "5fffef79-c9d0-4289-991a-ec2b8b762e4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42368", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3ml3cr4g2zt2s", "content": "\ud83d\udccc CVE-2026-42368 - A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can... https://www.cyberhub.blog/cves/CVE-2026-42368", "creation_timestamp": "2026-05-05T04:07:08.709882Z"}, {"uuid": "f03a4ff6-1a7d-4232-b26a-d5a156f92b7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42363", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mkgshdixcu2g", "content": "", "creation_timestamp": "2026-04-27T00:22:04.794820Z"}, {"uuid": "9c5c0792-2aa3-4775-9b02-d0d346624c6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42363", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116474080655255784", "content": "", "creation_timestamp": "2026-04-27T01:30:28.710400Z"}, {"uuid": "2d4c4aeb-90a9-4c9c-8c4c-d1ee3e054e55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42368", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mkyitx7tgm2g", "content": "\ud83d\udd34 CVE-2026-42368 - Critical (9.9)\n\nA privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC20...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42368/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-04T01:18:05.787212Z"}, {"uuid": "23021fbb-6d7c-4f6e-a906-18b70b69e3ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42369", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116514513998786708", "content": "There is a new vulnerability with elevated criticality in GeoVision GV-VMS (CVE-2026-42369) https://vuldb.com/vuln/360931", "creation_timestamp": "2026-05-04T04:53:12.899123Z"}, {"uuid": "9a201c86-caeb-48ec-9483-929271111868", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42369", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mkyymwd4po22", "content": "CRITICAL: GeoVision GV-VMS V20.0.2 stack overflow (CVSS 10) lets remote attackers gain SYSTEM access. Restrict remote access & monitor for patches. https://radar.offseq.com/threat/cve-2026-42369-cwe-787-out-of-bounds-write-in-geov-0757b787 #OffSeq #CVE202642369 #cyberalert", "creation_timestamp": "2026-05-04T06:00:31.157787Z"}, {"uuid": "a5d8fca9-a16c-4d84-93c5-fa7d437cb448", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42369", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116514778449951013", "content": "\ud83d\udea8 CVE-2026-42369 (CRITICAL, CVSS 10): GeoVision GV-VMS V20.0.2 stack overflow in gvapi endpoint lets unauthenticated remote attackers execute code as SYSTEM. Restrict remote access, monitor for patches. https://radar.offseq.com/threat/cve-2026-42369-cwe-787-out-of-bounds-write-in-geov-0757b787 #OffSeq #CVE202642369 #infosec #zeroday", "creation_timestamp": "2026-05-04T06:00:31.183284Z"}, {"uuid": "c849bd34-f1b0-424c-bc55-f06ebcf4d98c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42369", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3mkzbmxfeo22a", "content": "\ud83d\udea8 Critical flaw in CVE-2026-42369 affects GeoVision GV-VMS V20 (CVSS 10.0). Unauthenticated attackers can gain full SYSTEM access via the WebCam Server.  \n\n\ud83d\udd17 basefortify.eu/cve_reports/...  \n\n#CVE #CyberSecurity #GeoVision", "creation_timestamp": "2026-05-04T08:41:41.153344Z"}, {"uuid": "2d8afbe9-2ebc-4e45-b63c-bbe5b123330f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42369", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3mkzbmysrs22a", "content": "\ud83d\udea8 Critical flaw in CVE-2026-42369 affects GeoVision GV-VMS V20 (CVSS 10.0). Unauthenticated attackers can gain full SYSTEM access via the WebCam Server.  \n\n\ud83d\udd17 basefortify.eu/cve_reports/...  \n\n#CVE #CyberSecurity #GeoVision", "creation_timestamp": "2026-05-04T08:41:43.094535Z"}, {"uuid": "4a9b500e-07c8-4954-8f32-cc638d52b7a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42369", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3mkzbn3lrh22a", "content": "\ud83d\udea8 Critical flaw in CVE-2026-42369 affects GeoVision GV-VMS V20 (CVSS 10.0). Unauthenticated attackers can gain full SYSTEM access via the WebCam Server.  \n\n\ud83d\udd17 basefortify.eu/cve_reports/...  \n\n#CVE #CyberSecurity #GeoVision", "creation_timestamp": "2026-05-04T08:41:43.757601Z"}, {"uuid": "0ed9f9c1-c3a8-4da3-a2f4-33d6a251fbf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42369", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mkyiu6f3ct2w", "content": "\ud83d\udd34 CVE-2026-42369 - Critical (10)\n\nGV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras a...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42369/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-04T01:18:13.364023Z"}, {"uuid": "d53e3a01-0d30-4a5a-b0d4-0e875d866ae4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42364", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mkyiwiqxep2n", "content": "\ud83d\udd34 CVE-2026-42364 - Critical (9.9)\n\nAn os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LP...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42364/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-04T01:19:31.272037Z"}, {"uuid": "64d31d12-60f8-422a-9588-4e2b6038a049", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42365", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mkyiwq46vt2w", "content": "\ud83d\udfe0 CVE-2026-42365 - High (8.6)\n\nA guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision L...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42365/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-04T01:19:38.767285Z"}, {"uuid": "ce2b7913-4576-45c1-958f-d5721be517b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42364", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mkyjpuojny26", "content": "\ud83d\udd34 CVE-2026-42364 - Critical (9.9)\n\nAn os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LP...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42364/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-04T01:33:43.059761Z"}, {"uuid": "1b590cf0-8642-4eeb-9dce-38342cb553d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42365", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mkyjq3vlbn2w", "content": "\ud83d\udfe0 CVE-2026-42365 - High (8.6)\n\nA guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision L...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42365/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-04T01:33:50.077845Z"}, {"uuid": "7b1695d7-0a13-40a4-b7e9-20070b2acc59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42368", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116515840100676025", "content": "\ud83c\udf10 CVE-2026-42368 | CRITICAL privilege escalation in GeoVision GV-LPC2011/LPC2211 v1.10. Remote attackers can gain full control via crafted HTTP requests. No patch \u2014 restrict web interface access & monitor traffic. Details: https://radar.offseq.com/threat/cve-2026-42368-cwe-266-incorrect-privilege-assignm-b84e399c #OffSeq #Vuln #IoT #CyberSecurity", "creation_timestamp": "2026-05-04T10:30:27.922246Z"}, {"uuid": "1ec6cf61-d77e-453b-9e07-d25fae9733c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42364", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mkynhblr5c2p", "content": "CVE-2026-42364 - GeoVision LPC2011/LPC2211 Web Interface / DdnsSetting.cgi OS command injection vulnerability\nCVE ID : CVE-2026-42364\n \n Published : May 4, 2026, 1:16 a.m. | 1\u00a0hour, 4\u00a0minutes ago\n \n Description : An os command injection vulnerability exists in the DdnsSetting....", "creation_timestamp": "2026-05-04T02:40:28.649981Z"}, {"uuid": "c281fb92-cf26-4ec5-aa8d-91859aecd2c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-42368", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mkzhppcbyr2o", "content": "CRITICAL: GeoVision GV-LPC2011/LPC2211 v1.10 has a severe privilege escalation flaw. Restrict web access & monitor HTTP requests \u2014 no patch yet. Protect your devices! https://radar.offseq.com/threat/cve-2026-42368-cwe-266-incorrect-privilege-assignm-b84e399c #OffSeq #Vulnerability #IoTSecurity", "creation_timestamp": "2026-05-04T10:30:29.375888Z"}, {"uuid": "c610b189-6127-420c-bda1-d7d11c5ca926", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42369", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mkynz6jpjl2h", "content": "CVE-2026-42369 - GeoVision GV-VMS V20 WebCam Server stack overflow vulnerability\nCVE ID : CVE-2026-42369\n \n Published : May 4, 2026, 1:16 a.m. | 1\u00a0hour, 4\u00a0minutes ago\n \n Description : GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance camer...", "creation_timestamp": "2026-05-04T02:50:29.698799Z"}, {"uuid": "c4a6f708-2fb5-45a3-b9d9-19274c051040", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42368", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mkyoc4xwdf2q", "content": "CVE-2026-42368 - GeoVision LPC2011/LPC2211 Web Interface privilege escalation vulnerability\nCVE ID : CVE-2026-42368\n \n Published : May 4, 2026, 1:16 a.m. | 1\u00a0hour, 4\u00a0minutes ago\n \n Description : A privilege escalation vulnerability exists in the Web Interface functionality of ...", "creation_timestamp": "2026-05-04T02:55:29.965937Z"}, {"uuid": "a9154ce5-e9ec-4d89-9db1-b93886843f52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42365", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mkyol3gmar2v", "content": "CVE-2026-42365 - GeoVision LPC2011/LPC2211 Web Interface guessable session cookie vulnerability\nCVE ID : CVE-2026-42365\n \n Published : May 4, 2026, 1:16 a.m. | 1\u00a0hour, 4\u00a0minutes ago\n \n Description : A guessable session cookie vulnerability exists in the Web Interface functiona...", "creation_timestamp": "2026-05-04T03:00:30.565817Z"}, {"uuid": "ce747fa4-dc42-4e09-8563-a9895712f982", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42366", "type": "seen", "source": "https://bsky.app/profile/keiwork35.bsky.social/post/3mlxwdselvi2h", "content": "\u3010\u8106\u5f31\u6027\u60c5\u5831\u3011 CVE-2026-42366 GeoVision LPC2011/LPC2211\u00a01.10\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066\n\nGeoVision LPC2011/LPC2211 1.10\u306eWeb Interface / ssi.cgi\u6a5f\u80fd\u306b\u8907\u6570\u306e\u53cd\u5c04\u578b\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\uff08XSS\uff09\u8106\u5f31\u6027\u304c\u5b58\u5728\u3057\u307e\u3059\u3002", "creation_timestamp": "2026-05-16T13:12:07.550279Z"}, {"uuid": "05d41c02-0d68-49da-b5f2-ea4291a0f3ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42365", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3ml3hs3742i2v", "content": "\ud83d\udccc CVE-2026-42365 - A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HT... https://www.cyberhub.blog/cves/CVE-2026-42365", "creation_timestamp": "2026-05-05T05:37:07.923869Z"}, {"uuid": "4a2bf48e-2239-4692-84fb-d6305f31d24f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42364", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mmp2zlx4ie2r", "content": "\ud83d\udccc CVE-2026-42364 - An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configur... https://www.cyberhub.blog/cves/CVE-2026-42364", "creation_timestamp": "2026-05-25T18:07:08.445895Z"}, {"uuid": "085d7bfa-4510-4a20-a7d0-c7964fa1c160", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42360", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn5nholycq2o", "content": "CVE-2026-42360: Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking", "creation_timestamp": "2026-05-31T13:14:24.028155Z"}]}