Monthly
Improper array index validation (CWE-129) in NVIDIA TensorRT allows an attacker to trigger out-of-bounds memory access that may lead to arbitrary code execution when a victim processes malicious input on the local host. The CVSS 3.1 vector (AV:L/UI:R) indicates the target must actively load attacker-controlled content, so exploitation hinges on tricking a user or automated pipeline into ingesting a crafted model or input file. There is no public exploit identified at time of analysis and the CVE is not in CISA KEV, but with high confidentiality, integrity, and availability impact this is a meaningful priority for AI/ML inference environments.
Denial-of-service in Ollama's downloadBlob function lets remote, unauthenticated attackers crash affected installations by supplying malformed data that triggers an out-of-bounds array access. The flaw (ZDI-CAN-27277 / ZDI-26-403, CWE-129) carries a CVSS 7.5 with an availability-only impact and requires no authentication or user interaction. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-style annotation/border appearances, because the code that builds that geometry omits an upper-bound limit and consistency checks. A local attacker who convinces a user to open a malicious PDF can trigger an out-of-bounds array access that crashes the application; no public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV. Although the NVD vector claims high confidentiality and integrity impact, the vendor description and tags describe only a crash.
Out-of-bounds array access in GeoVision's GeoWebPlayer add-on (also branded 'Web Plugin' for GV-VMS and 'WS Player' for VMS-Cloud) lets an attacker abuse the 'byPass' WebSocket command by supplying an unchecked 'index' value, corrupting memory to achieve high-impact compromise (CVSS 8.3). The bundled component runs a local WebSocket server for GeoVision web interfaces (GV-VMS, GV-Cloud); because the server is reachable from a victim's browser, a malicious web page can drive the flaw with only user interaction and no authentication. No public exploit identified at time of analysis, though a Talos vulnerability report (TALOS-2026-2373) documents the issue.
Out-of-bounds array indexing in GeoVision's GeoWebPlayer addon (also branded 'Web Plugin' in GV-VMS and 'WS Player' in VMS-Cloud) allows a remote attacker to leak memory or crash the local WebSocket service by delivering a malformed 'pause' command. The addon runs a WebSocket server that backs the browser interfaces of GeoVision products such as GV-VMS and GV-Cloud, so any browser tricked into connecting to it can trigger the flaw. No public exploit identified at time of analysis; the issue was reported by the vendor (GeoVision) and documented by Cisco Talos (TALOS-2026-2373).
Out-of-bounds array access in GeoVision GeoWebPlayer (a.k.a. "Web Plugin"/"WS Player"), a websocket-server addon bundled with GV-VMS, GV-Cloud and related GeoVision software, lets an attacker who lures a victim to a malicious web page reach the localhost websocket and supply an unvalidated `index` to leak memory and corrupt state (CWE-129). The play command in particular accepts an attacker-controlled index used to index internal arrays without a range check, enabling information disclosure and potential code-path corruption. No public exploit identified at time of analysis and the issue is not in CISA KEV, but the vendor has published a security advisory and Talos has released a detailed report.
Out-of-bounds array access in GeoVision's GeoWebPlayer (a.k.a. 'Web Plugin' / 'WS Player') addon lets an attacker read memory, corrupt state, or crash the local WebSocket helper bundled with GV-VMS, GV-Cloud, and related surveillance software. The plugin's localhost WebSocket server processes commands (such as 'disconnect') that carry an attacker-controlled 'index' used to dereference internal arrays without bounds checking (CWE-129), yielding high confidentiality, integrity, and availability impact. The CVSS 3.1 vector (AV:N/UI:R/S:C) reflects a cross-origin browser-driven vector where a victim lured to a malicious page has their browser relay commands to the local WebSocket; there is no public exploit identified at time of analysis and no CISA KEV listing.
Out-of-bounds array access in GeoVision's GeoWebPlayer addon (also branded 'Web Plugin' in GV-VMS and 'WS Player' in VMS-Cloud) can lead to remote code execution when the addon's localhost WebSocket server processes a saveVideo command with an attacker-controlled index. Because the addon ships with widely-used GeoVision products (GV-VMS, GV-Cloud) and is reachable from a victim's browser via a malicious web page, a lured user visiting attacker-controlled content can trigger an out-of-bounds function-pointer call. This is a Talos-reported (TALOS-2026-2373) issue with no public exploit identified at time of analysis and is not listed in CISA KEV.
Out-of-bounds array access in GeoVision's GeoWebPlayer (the 'Web Plugin'/'WS Player' addon bundled with GV-VMS, GV-Cloud and related software) lets an attacker abuse the local WebSocket server's snapshot command by supplying an unchecked 'index' value that indexes arrays beyond their bounds. Because the CVSS vector is AV:N/UI:R with a scope change, a victim who visits a malicious web page can have their browser drive the localhost WebSocket into out-of-bounds reads/writes, yielding information disclosure and potential memory corruption (C:H/I:H/A:H). There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Out-of-bounds array access in GeoVision's GeoWebPlayer addon (also branded 'Web Plugin' in GV-VMS and 'WS Player' for VMS-Cloud) lets an attacker corrupt memory or leak sensitive data by sending a 2wayAudio WebSocket command with an unchecked index value. The addon runs a localhost WebSocket server that expands GeoVision web interfaces, and its command handlers use caller-supplied index values to index internal arrays without validating their range. Reported by GeoVision and Talos (TALOS-2026-2373); no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Improper array index validation (CWE-129) in NVIDIA TensorRT allows an attacker to trigger out-of-bounds memory access that may lead to arbitrary code execution when a victim processes malicious input on the local host. The CVSS 3.1 vector (AV:L/UI:R) indicates the target must actively load attacker-controlled content, so exploitation hinges on tricking a user or automated pipeline into ingesting a crafted model or input file. There is no public exploit identified at time of analysis and the CVE is not in CISA KEV, but with high confidentiality, integrity, and availability impact this is a meaningful priority for AI/ML inference environments.
Denial-of-service in Ollama's downloadBlob function lets remote, unauthenticated attackers crash affected installations by supplying malformed data that triggers an out-of-bounds array access. The flaw (ZDI-CAN-27277 / ZDI-26-403, CWE-129) carries a CVSS 7.5 with an availability-only impact and requires no authentication or user interaction. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Denial of service in Foxit PDF Editor and Foxit PDF Reader arises when the application renders a PDF containing cloud-style annotation/border appearances, because the code that builds that geometry omits an upper-bound limit and consistency checks. A local attacker who convinces a user to open a malicious PDF can trigger an out-of-bounds array access that crashes the application; no public exploit has been identified at time of analysis and the flaw is not listed in CISA KEV. Although the NVD vector claims high confidentiality and integrity impact, the vendor description and tags describe only a crash.
Out-of-bounds array access in GeoVision's GeoWebPlayer add-on (also branded 'Web Plugin' for GV-VMS and 'WS Player' for VMS-Cloud) lets an attacker abuse the 'byPass' WebSocket command by supplying an unchecked 'index' value, corrupting memory to achieve high-impact compromise (CVSS 8.3). The bundled component runs a local WebSocket server for GeoVision web interfaces (GV-VMS, GV-Cloud); because the server is reachable from a victim's browser, a malicious web page can drive the flaw with only user interaction and no authentication. No public exploit identified at time of analysis, though a Talos vulnerability report (TALOS-2026-2373) documents the issue.
Out-of-bounds array indexing in GeoVision's GeoWebPlayer addon (also branded 'Web Plugin' in GV-VMS and 'WS Player' in VMS-Cloud) allows a remote attacker to leak memory or crash the local WebSocket service by delivering a malformed 'pause' command. The addon runs a WebSocket server that backs the browser interfaces of GeoVision products such as GV-VMS and GV-Cloud, so any browser tricked into connecting to it can trigger the flaw. No public exploit identified at time of analysis; the issue was reported by the vendor (GeoVision) and documented by Cisco Talos (TALOS-2026-2373).
Out-of-bounds array access in GeoVision GeoWebPlayer (a.k.a. "Web Plugin"/"WS Player"), a websocket-server addon bundled with GV-VMS, GV-Cloud and related GeoVision software, lets an attacker who lures a victim to a malicious web page reach the localhost websocket and supply an unvalidated `index` to leak memory and corrupt state (CWE-129). The play command in particular accepts an attacker-controlled index used to index internal arrays without a range check, enabling information disclosure and potential code-path corruption. No public exploit identified at time of analysis and the issue is not in CISA KEV, but the vendor has published a security advisory and Talos has released a detailed report.
Out-of-bounds array access in GeoVision's GeoWebPlayer (a.k.a. 'Web Plugin' / 'WS Player') addon lets an attacker read memory, corrupt state, or crash the local WebSocket helper bundled with GV-VMS, GV-Cloud, and related surveillance software. The plugin's localhost WebSocket server processes commands (such as 'disconnect') that carry an attacker-controlled 'index' used to dereference internal arrays without bounds checking (CWE-129), yielding high confidentiality, integrity, and availability impact. The CVSS 3.1 vector (AV:N/UI:R/S:C) reflects a cross-origin browser-driven vector where a victim lured to a malicious page has their browser relay commands to the local WebSocket; there is no public exploit identified at time of analysis and no CISA KEV listing.
Out-of-bounds array access in GeoVision's GeoWebPlayer addon (also branded 'Web Plugin' in GV-VMS and 'WS Player' in VMS-Cloud) can lead to remote code execution when the addon's localhost WebSocket server processes a saveVideo command with an attacker-controlled index. Because the addon ships with widely-used GeoVision products (GV-VMS, GV-Cloud) and is reachable from a victim's browser via a malicious web page, a lured user visiting attacker-controlled content can trigger an out-of-bounds function-pointer call. This is a Talos-reported (TALOS-2026-2373) issue with no public exploit identified at time of analysis and is not listed in CISA KEV.
Out-of-bounds array access in GeoVision's GeoWebPlayer (the 'Web Plugin'/'WS Player' addon bundled with GV-VMS, GV-Cloud and related software) lets an attacker abuse the local WebSocket server's snapshot command by supplying an unchecked 'index' value that indexes arrays beyond their bounds. Because the CVSS vector is AV:N/UI:R with a scope change, a victim who visits a malicious web page can have their browser drive the localhost WebSocket into out-of-bounds reads/writes, yielding information disclosure and potential memory corruption (C:H/I:H/A:H). There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.
Out-of-bounds array access in GeoVision's GeoWebPlayer addon (also branded 'Web Plugin' in GV-VMS and 'WS Player' for VMS-Cloud) lets an attacker corrupt memory or leak sensitive data by sending a 2wayAudio WebSocket command with an unchecked index value. The addon runs a localhost WebSocket server that expands GeoVision web interfaces, and its command handlers use caller-supplied index values to index internal arrays without validating their range. Reported by GeoVision and Talos (TALOS-2026-2373); no public exploit identified at time of analysis, and it is not listed in CISA KEV.