18 matches found
CVE-2026-33470
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possible through a chain of two authorization problems: /api/timeline return...
CVE-2026-33470 Frigate has cross-camera snapshot disclosure via unrestricted timeline IDs and missing authorization in /api/events/{event_id}/snapshot-clean.webp
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possible through a chain of two authorization problems: /api/timeline return...
EUVD-2026-16267
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possible through a chain of two authorization problems: /api/timeline return...
PT-2026-28485
Name of the Vulnerable Software and Affected Versions: Frigate version 0.17.0 Description: Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. A low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possib...
CVE-2018-25141 FLIR Thermal Traffic Cameras V1.01-0bb5b27 Unauthenticated RTSP Stream Disclosure
FLIR thermal traffic cameras contain an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve video streams by accessing specific endpoints like /live.mjpeg, /snapshot.jpg, and RTSP streaming URLs without...
CVE-2021-4469
Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by...
CVE-2021-4469 Denver SHO-110 IP Camera Unauthenticated Snapshot Access
Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by...
EUVD-2021-34716
Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces authentication, the backdoor service allows any remote attacker to retrieve image snapshots by...
CVE-2021-4469
CVE-2021-4469: Denver SHO-110 IP cameras expose a secondary HTTP service on port 8001 with an unauthenticated /snapshot endpoint. While port 80 requires authentication, the backdoor service allows remote attackers to fetch snapshots directly, enabling repeated collection and potential reconstruc...
PT-2025-47020
Name of the Vulnerable Software and Affected Versions: Denver SHO-110 IP cameras, affected versions not specified Description: Denver SHO-110 IP cameras have a secondary HTTP service accessible on TCP port 8001. This service provides access to the /snapshot endpoint without requiring authentication...
Denver SHO-110 Security Vulnerability
The Denver SHO-110 is a wireless IP camera from Denver, Denmark. A security vulnerability exists in the Denver SHO-110 that originates from an unauthenticated HTTP service exposing a snapshot endpoint, which could lead to compromised confidentiality of the surveillance environment...
Exploit for Cross-site Scripting in Flatpress
CVE Submissions Repository This repository contains informati...
CVE-2024-40422
The snapshotpath parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshotpath parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized...
PT-2023-27900 · Softwarex · Softwarex
Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 2.0.3 Description: The issue allows unauthenticated access through the API endpoints "/api/snapshot" and "/api/get log file". This could potentially lead to a DoS attack or allow an attacker to retrieve arbitrary...
Apache Doris Security Vulnerability
Apache Doris is a modern MPP analytic database product of the U.S.-based Apache Foundation. It provides sub-second queries and efficient real-time data analysis. Apache Doris suffers from an authorization issue vulnerability that stems from the API endpoints /api/snapshot and /api/getlogfile allowing...
Grafana Authorization Issue Vulnerability
Grafana is an open source set of monitoring tools that provides a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. An authorization issue vulnerability exists in Grafana version 8.4.3. An attacker can exploit this...
CVE-2021-38136
Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the snapfile parameter in the /it-IT/splunkd/raw/services/getsnapshot HTTP API endpoint. A ‘low privileged’ attacker can read any file on the target host...
Night Owl WDB-20-V2 Access Control Error Vulnerability
Night Owl WDB-20-V2 is a webcam from Night Owl UK. A security vulnerability exists in the Night Owl WDB-20-V2 20190314 device that allows an unauthenticated user to obtain a snapshot from the doorbell camera via the snapshot URI...