PT-2025-45029

Name of the Vulnerable Software and Affected Versions Survision LPR Camera system affected versions not specified Description The Survision LPR Camera system lacks default password protection. This allows immediate access to the configuration wizard without requiring a login or checking...

CVE-2025-54323

Summary: CVE-2025-54323 describes an information leakage due to improper debug printing in the camera of Samsung Mobile Processor Exynos SoCs (980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580). Affected components/versions: Samsung Exynos camera functionality across listed proc...

motionEye vulnerable to RCE via unsanitized motion config parameter

Summary A command injection vulnerability in MotionEye allows attackers to achieve Remote Code Execution RCE by supplying malicious values in configuration fields exposed via the Web UI. Because MotionEye writes user-supplied values directly into Motion configuration files without sanitization,...

CVE-2025-12351

CVE-2025-12351 affects Honeywell S35 Series Cameras. The issue is an authorization bypass via the User controller key that could enable privilege escalation to admin-level functionalities. Affected products are S35 Pinhole/Kit Camera (versions prior to 2025.08.28), S35 AI Fisheye & Dual Sensor/Mi...

Louvre Jewel Heist

I assume I don't have to explain last week's Louvre jewel heist. I love a good caper, and have like many others eagerly followed the details. An electric ladder to a second-floor window, an angle grinder to get into the room and the display cases, security guards there more to protect patrons tha...

Honeywell S35 Series 安全漏洞

Honeywell S35 Series is a series of cameras from Honeywell USA. A security vulnerability exists in the Honeywell S35 Series that stems from an authorization bypass of the user controller key, which could result in elevated privileges...

CVE-2025-56438

An issue in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82 allows unauthenticated and physically proximate attackers to escalate privileges to root via supplying a crafted update.tar archive file stored on a FAT32-formatted SD card...

EUVD-2025-35857

An issue in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82 allows unauthenticated and physically proximate attackers to escalate privileges to root via supplying a crafted update.tar archive file stored on a FAT32-formatted SD card...

CVE-2025-53701

Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS Cross-site Scripting attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.1...

CVE-2025-53702

Vilar VS-IPC1002 IP cameras are vulnerable to DoS Denial-of-Service attacks. An unauthenticated attacker on the same local network might send a crafted request to /cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required. The vendor did not...

CVE-2025-56438

An issue in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82 allows unauthenticated and physically proximate attackers to escalate privileges to root via supplying a crafted update.tar archive file stored on a FAT32-formatted SD card...

CVE-2025-56438

The CVE describes a vulnerability in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82. The issue allows unauthenticated, physically proximate attackers to escalate privileges to root by supplying a crafted update.tar file stored on a FAT32 SD card. Affected component: firmwa...

CVE-2025-53701 XSS vulnerability in Vilar VS-IPC1002 IP cameras

Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS Cross-site Scripting attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.1...

CVE-2025-53702 DoS vulnerability in Vilar VS-IPC1002 IP cameras

Vilar VS-IPC1002 IP cameras are vulnerable to DoS Denial-of-Service attacks. An unauthenticated attacker on the same local network might send a crafted request to /cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required. The vendor did not...

CVE-2025-53702

Vilar VS-IPC1002 IP cameras are affected by CVE-2025-53702 affecting the DoS vector via crafted requests to /cgi-bin/action on the same local network. An unauthenticated attacker can render the device unresponsive, requiring a manual restart. Only version 1.1.0.18 was tested; other versions might...

Vilar VS-IPC1002 跨站脚本漏洞

Vilar VS-IPC1002 is a webcam from the Chinese company Vilar. A cross-site scripting vulnerability exists in the Vilar VS-IPC1002 version 1.1.0.18, which stems from improper cleanup of the GET request parameter on the /cgi-bin/action endpoint, which could lead to a reflected cross-site scripting...

CVE-2025-11757

The CloudEdge Cloud does not sanitize the MQTT topic input, which could allow an attacker to leverage the MQTT wildcard to receive all the messages that should be delivered to other users by subscribing to the a MQTT topic. In these messages, the attacker can obtain the credentials and key...

EUVD-2025-35202

The CloudEdge Cloud does not sanitize the MQTT topic input, which could allow an attacker to leverage the MQTT wildcard to receive all the messages that should be delivered to other users by subscribing to the a MQTT topic. In these messages, the attacker can obtain the credentials and key...

CloudEdge Online Cameras and App

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain access to live video feed and camera control. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

EUVD-2025-35065

In the Linux kernel, the following vulnerability has been resolved: media: stm32-csi: Fix dereference before NULL check In 'stm32csistart', 'csidev-ssubdev' is dereferenced directly while assigning a value to the 'srcpad'. However the same value is being checked against NULL at a later point of...