CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

239 matches found

NUUO Camera <=20250203 - OS Command Injection

NUUO Camera up to 20250203 contains a command injection caused by manipulation of the 'log' argument in /handleconfig.php, letting remote attackers execute arbitrary commands, exploit requires remote access. id: CVE-2025-1338 info: name: NUUO Camera =20250203 - OS Command Injection author: Ark...

7.5CVSS7.8AI score0.09106EPSS

Exploits1References3

RedhatCVE•added 2 days ago•7 views

CVE-2026-6241

An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifiers into ONVIF scope parameters to manipulate memory...

6.8CVSS5.5AI score0.00014EPSS

Exploits0References1

EUVD•added 3 days ago•8 views

EUVD-2026-34936

6.8CVSS5.5AI score0.00014EPSS

Exploits0References4

NVD•added 3 days ago•7 views

CVE-2026-6239

A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of XML user nodes during request processing. An authenticated attacker can send a specially crafted ONVIF request containing an excessive...

6.8CVSS0.00014EPSS

Exploits0References3

Cvelist•added 4 days ago•37 views

CVE-2026-6239 Authenticated Stack-based Buffer Overflow in ONVIF CreateUsers Service in TP-Link Tao C520WS

6.8CVSS0.00014EPSS

Exploits0References3

Positive Technologies•added 4 days ago•10 views

PT-2026-47076

6.8CVSS5.5AI score0.00014EPSS

Exploits0References4

Positive Technologies•added 4 days ago•11 views

PT-2026-47078

6.8CVSS5.5AI score0.00014EPSS

Exploits0References4

NVD•added 2026/05/29 6:17 p.m.•7 views

CVE-2026-6824

A stored cross-site scripting XSS vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators o...

8.4CVSS0.00039EPSS

Exploits0References3

EUVD•added 2026/05/29 4:41 p.m.•9 views

EUVD-2026-33363

8.4CVSS5.7AI score0.00039EPSS

Exploits0References3

Cvelist•added 2026/05/29 4:41 p.m.•28 views

CVE-2026-6824 CP Plus 8 Ch. Network Video Recorder Cross-site Scripting

8.4CVSS0.00039EPSS

Exploits0References3

CVE•added 2026/05/29 4:41 p.m.•11 views

CVE-2026-6824

CVE-2026-6824 concerns a stored Cross-Site Scripting (XSS) in certain 1xxx-series CP Plus NVRs (8-channel). The vulnerability stems from insufficient sanitization of user-supplied input in specific modules, allowing attackers to persistently inject scripts on the device backend. When an authentic...

8.4CVSS5.7AI score0.00039EPSS

Exploits0References3

Vulnrichment•added 2026/05/29 4:41 p.m.•11 views

CVE-2026-6824 CP Plus 8 Ch. Network Video Recorder Cross-site Scripting

8.4CVSS5.7AI score0.00039EPSS

Exploits0References3

Positive Technologies•added 2026/05/29 12:0 a.m.•7 views

PT-2026-44969

8.4CVSS5.7AI score0.00039EPSS

Exploits0References4

ICS•added 2026/05/28 6:0 a.m.•5 views

CP Plus 8 Ch. Network Video Recorder

ADVISORY SUMMARY Successful exploitation of this vulnerability allows an attacker's malicious script to execute in the browser of any authenticated user or administrator who accesses the affected interface. This could lead to compromise of user sessions, execution of unauthorized actions with...

8.4CVSS5.9AI score0.00039EPSS

Exploits0References13

CVE•added 2026/03/29 5:2 p.m.•8 views

CVE-2026-34005

The CVE-2026-34005 entry affects Xiongmai/DVR–NVR devices (AHB7008T-MH-V2, NBD7024H-P) with firmware 4.03.R11. It enables root OS command injection via shell metacharacters in the HostName field of an authenticated DVRIP request (TCP 34567) to NetWork.NetCommon, because the system() function is i...

8.8CVSS5.9AI score0.00109EPSS

Exploits0References2

Cvelist•added 2026/03/27 12:0 a.m.•19 views

CVE-2025-69986

A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of LSC Indoor Camera V7.6.32. The application fails to validate the length of the Protocol parameter inside the Transport element. By sending a specially crafted SOAP request containing an oversized protocol string, an...

0.00204EPSS

Exploits0References1

Positive Technologies•added 2026/03/27 12:0 a.m.•5 views

PT-2026-28304

Name of the Vulnerable Software and Affected Versions LSC Indoor Camera version 7.6.32 Description A buffer overflow issue exists in the ONVIF GetStreamUri function. The application does not properly check the length of the Protocol parameter within the Transport element. An attacker can exploit...

7.2CVSS6.2AI score0.00204EPSS

Exploits0References3

RedhatCVE•added 2026/03/26 3:18 p.m.•3 views

CVE-2025-31703

A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges...

2.4CVSS5.8AI score0.00014EPSS

Exploits0References1

NVD•added 2026/03/20 10:16 a.m.•2 views

CVE-2026-33125

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In versions 0.16.2 and below, users with the viewer role can delete admin and low-privileged user accounts. Exploitation can lead to DoS and affect data integrity. This issue has been patched in version...

8.1CVSS0.00058EPSS

Exploits1References2

Positive Technologies•added 2026/03/20 12:0 a.m.•4 views

PT-2026-26598

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Versions prior to 0.17.0-beta1 allow any authenticated user to change their own password without verifying the current password through the /users/username/password endpoint. Changing a password does not...

8.6CVSS5.8AI score0.00062EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by