CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/03/26 5:6 p.m.•0 views

CVE-2026-33470 Frigate has cross-camera snapshot disclosure via unrestricted timeline IDs and missing authorization in /api/events/{event_id}/snapshot-clean.webp

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possible through a chain of two authorization problems: /api/timeline return...

6.5CVSS5.8AI score0.00015EPSS

CVE•added 2026/03/26 5:6 p.m.•3 views

CVE-2026-33470

Frigate NVR (version 0.17.0) contains an authorization flaw that lets a low-privileged, authenticated user access snapshots from cameras they are not authorized to view. The chain involves: (1) /api/timeline returning timeline entries for cameras outside the caller’s allowed set, and (2) /api/eve...

6.5CVSS5.8AI score0.00015EPSS

Exploits1References1Affected Software1

Cvelist•added 2026/03/26 5:6 p.m.•17 views

CVE-2026-33470 Frigate has cross-camera snapshot disclosure via unrestricted timeline IDs and missing authorization in /api/events/{event_id}/snapshot-clean.webp

6.5CVSS0.00015EPSS

OSV•added 2026/03/26 5:5 p.m.•2 views

CVE-2026-33469 Authenticated Frigate users can read the full unredacted configuration via `/api/config/raw

6.5CVSS5.9AI score0.00047EPSS

Exploits1References3

RedhatCVE•added 2026/03/26 3:0 p.m.•3 views

CVE-2026-33125

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In versions 0.16.2 and below, users with the viewer role can delete admin and low-privileged user accounts. Exploitation can lead to DoS and affect data integrity. This issue has been patched in version...

8.1CVSS5.7AI score0.00058EPSS

Positive Technologies•added 2026/03/26 12:0 a.m.•1 views

PT-2026-28485

Name of the Vulnerable Software and Affected Versions Frigate version 0.17.0 Description Frigate is a network video recorder NVR with realtime local object detection for IP cameras. A low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possib...

6.5CVSS5.8AI score0.00015EPSS

Exploits1References4

ATTACKERKB•added 2026/03/20 7:57 p.m.•2 views

CVE-2026-33126

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to version 0.16.3, the /ffprobe endpoint accepts arbitrary user-controlled URLs without proper validation, allowing Server-Side Request Forgery SSRF attacks. An attacker can use the Frigate server t...

5CVSS5.9AI score0.00048EPSS

Exploits1References3Affected Software1

EUVD•added 2026/03/20 7:57 p.m.•2 views

EUVD-2026-13772

5CVSS5.9AI score0.00048EPSS

Exploits1References2

ATTACKERKB•added 2026/03/20 9:22 a.m.•0 views

CVE-2026-33125

7.1CVSS5.7AI score0.00058EPSS

Exploits1References3Affected Software1

Packet Storm•added 2026/02/27 12:0 a.m.•216 views

📄 Frigate NVR 0.16.3 Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in Frigate NVR versions 0.16.3 and below by manipulating the application's configuration through the go2rtc stream settings. The module retrieves the current configuration, safely parses and modifies it to introduce a controlle...

9.1CVSS6.6AI score0.01265EPSS

Packet Storm•added 2026/02/25 12:0 a.m.•245 views

📄 Frigate NVR 0.16.3 Remote Command Execution

This Python exploit targets a critical configuration manipulation vulnerability in Frigate NVR versions up to 0.16.3 both authenticated and unauthenticated paths. By injecting a malicious go2rtc stream and a fake camera entry, it triggers arbitrary command execution as the Frigate process during...

9.1CVSS5.9AI score0.01265EPSS

GithubExploit•added 2026/02/24 9:14 p.m.•195 views

Exploit for Improper Privilege Management in Frigate

Frigate NVR ≤ 0.16.3 Blind RCE Exploit CVE-2026-25643 PoC...

9.1CVSS6AI score0.01265EPSS

GithubExploit•added 2026/02/05 9:23 p.m.•139 views

Exploit for CVE-2026-25643

CVE-2026-25643: Frigate NVR = 0.16.3 Authenticated RCE Ex...

5.5AI score0.01265EPSS

NVD•added 2024/05/14 3:37 p.m.•14 views

CVE-2024-32874

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no...

6.8CVSS6.5AI score0.00124EPSS

Cvelist•added 2024/05/09 2:20 p.m.•18 views

CVE-2024-32874 In Frigate, Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service

6.8CVSS6.9AI score0.00124EPSS

CVE•added 2024/05/09 2:20 p.m.•67 views

CVE-2024-32874

In Frigate, CVE-2024-32874, an application-level DoS can occur when uploading or handling filenames with very long Unicode names due to unbounded filename length and costly Unicode normalization (NFKD) inside secure_filename(). Affected: Frigate releases before 0.13.2. Impact: potential web-app h...

6.8CVSS6.6AI score0.00124EPSS

OSV•added 2024/05/09 2:20 p.m.•13 views

CVE-2024-32874 In Frigate, Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service

6.8CVSS6.4AI score0.00124EPSS

Exploits0References4

Vulnrichment•added 2024/05/09 2:20 p.m.•27 views

CVE-2024-32874 In Frigate, Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service

6.8CVSS6.7AI score0.00124EPSS