TP-Link Systems Inc. VIGI Series IP Camera

RISK EVALUATION Successful exploitation of this vulnerability could result in unauthorized users gaining administrative access to affected closed circuit television cameras. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

CVE-2025-47399 Buffer Copy Without Checking Size of Input in Camera

Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters...

CVE-2025-47399 Buffer Copy Without Checking Size of Input in Camera

Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters...

CVE-2025-47399

CVE-2025-47399 describes memory corruption occurring when processing an IOCTL to update sensor property settings with invalid input parameters. The CVE is linked to Qualcomm-reported data with a CVSS v3.1 base score of 7.8 (HIGH) and a LOCAL attack vector, requiring LOW privileges and no user int...

CVE-2026-1532

A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of the argument UploadMusic leads to path traversal. The attack can only be initiated within the loc...

CVE-2026-0919

The HTTP parser of Tapo C210 v3, C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An unauthenticated attacker can...

CVE-2026-0918

CVE-2026-0918 affects TP-Link Tapo C220 v1 and C520WS v2 cameras. The HTTP service mishandles POST requests with an excessively large Content-Length header, causing a failed memory allocation and a NULL pointer dereference that crashes the main process. This allows an unauthenticated attacker to ...

Exploit for Improper Authentication in Hikvision Ds-2Cd2032-I_Firmware

CVE-2017-...

MiracleLinux 7 : firefox-68.6.0-1.0.1.el7.AXS7 (AXSA:2020-4500:06)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-4500:06 advisory. Mozilla: Use-after-free when removing data about origins CVE-2020-6805 Mozilla: BodyStream::OnInputStreamReady was missing protections against state...

Huawei HarmonyOS Camera Framework Module Multi-threaded Conditional Competition Vulnerability (CNVD-2026-13992)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS Camera Framework module, which can be exploited by an attacker to cause...

Huawei HarmonyOS Camera Framework Module Multi-threaded Conditional Competition Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS Camera Framework module, which can be exploited by an attacker to cause...

CVE-2021-47796

Denver SHC-150 Smart Wifi Camera contains a hardcoded telnet credential vulnerability that allows unauthenticated attackers to access a Linux shell. Attackers can connect to port 23 using the default credential to execute arbitrary commands on the camera's operating system...

PY Active WebCam security vulnerability

PY Active WebCam is a camera management software developed by the PY company. Version 11.5 of PY Active WebCam contains a security vulnerability, which stems from an unquoted service path, potentially allowing for the execution of arbitrary code...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004063)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004063 advisory. In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlinkcit.c aka the Xirlink camera USB driver mishandles invalid descriptors, aka CID-a246b4d54770. Tenabl...

Hanwha Vision Camera Improper Privilege Management (CVE-2025-52599)

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered Inadequate of permission management for camera guest account. The manufacturer has released patch firmware for the flaw, please refer to the...

Hanwha Vision Camera Improper Input Validation (CVE-2025-52600)

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered a vulnerability in camera video analytics that Improper input validation. This vulnerability could allow an attacker to execute specific commands on the...

Hanwha Vision Camera Improper Certificate Validation(CVE-2025-52598)

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has found a flaw that camera's client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw, please refer to the...

Hanwha Vision Camera Improper Neutralization of Input During Web Page Generation (CVE-2025-8075)

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered that validation of incoming XML format request messages is inadequate. This vulnerability could allow an attacker to XSS on the user's browser. The...

Hanwha Vision Camera Use of Hard-coded Cryptographic Key (CVE-2025-52601)

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption key for sensitive information. An attacker can use key to decrypt sensitive information. T...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004382)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004382 advisory. In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlinkcit.c aka the Xirlink camera USB driver mishandles invalid descriptors, aka CID-a246b4d54770. Tenabl...