23 matches found
📄 Frigate NVR 0.16.3 Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Frigate NVR versions 0.16.3 and below by manipulating the application's configuration through the go2rtc stream settings. The module retrieves the current configuration, safely parses and modifies it to introduce a controlle...
CVE-2026-25643
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution RCE vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream...
CVE-2026-25643
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution RCE vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream...
EUVD-2026-5586
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution RCE vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream...
CVE-2026-25643
Frigate (NVR) prior to version 0.16.4 is affected by a critical Remote Command Execution (RCE) vulnerability in the go2rtc integration. The root cause is improper sanitization of user input in the video stream configuration (config.yaml), permitting injection of system commands via the exec: dire...
CVE-2026-25643 Frigate Affected by Authenticated Remote Command Execution (RCE) and Container Escape
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution RCE vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream...
CVE-2026-25643
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution RCE vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream...
CVE-2026-25643 Frigate Affected by Authenticated Remote Command Execution (RCE) and Container Escape
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution RCE vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream...
CVE-2026-25643 Frigate Affected by Authenticated Remote Command Execution (RCE) and Container Escape
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution RCE vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream...
PT-2026-6784
Name of the Vulnerable Software and Affected Versions Frigate versions prior to 0.16.4 Description Frigate is a network video recorder NVR with realtime local object detection for IP cameras. A critical Remote Command Execution RCE issue exists in the Frigate integration with go2rtc. The...
Exploit for CVE-2026-25643
CVE-2026-25643: Frigate NVR = 0.16.3 Authenticated RCE Ex...
EUVD-2024-2650
Malicious code in bioql PyPI...
CVE-2024-29192
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The /api/config endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without authentication, an...
Cross-site Scripting (XSS)
github.com/alexxit/go2rtc is vulnerable to DOM-based cross-site scripting XSS. The vulnerability is due to the lack of input sanitization when appending API data using innerHTML in the index page index.html, allowing an attacker to execute malicious scripts in the context of the go2rtc instance's...
GO-2024-3055 gotortc Cross-site Scripting vulnerability in github.com/AlexxIT/go2rtc
gotortc Cross-site Scripting vulnerability in github.com/AlexxIT/go2rtc...
GHSA-RH4R-F7F7-R99M gotortc Cross-site Scripting vulnerability
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page index.html shows the available streams by fetching the API in the client side. Then, it uses Object.entries to iterate over the result whose first item name gets...
CVE-2024-29193 GHSL-2023-207 gotortc DOM-based Cross-site Scripting vulnerability
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page index.html shows the available streams by fetching the API in the client side. Then, it uses Object.entries to iterate over the result whose first item name gets...
CVE-2024-29193 GHSL-2023-207 gotortc DOM-based Cross-site Scripting vulnerability
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page index.html shows the available streams by fetching the API in the client side. Then, it uses Object.entries to iterate over the result whose first item name gets...
CVE-2024-29193 GHSL-2023-207 gotortc DOM-based Cross-site Scripting vulnerability
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page index.html shows the available streams by fetching the API in the client side. Then, it uses Object.entries to iterate over the result whose first item name gets...
go2rtc 安全漏洞
go2rtc is an ultimate camera streaming application by Alex X Personal Developer that supports RTSP, RTMP, HTTP-FLV, WebRTC, MSE, HLS, MP4, MJPEG, HomeKit, FFmpeg and more. A security vulnerability exists in go2rtc 1.8.5 and earlier versions, which stems from the /api/config endpoint that allows...