Lucene search
K

180 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-26870

Malicious code in bioql PyPI...

7.2CVSS7.1AI score0.01086EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2025/08/17 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-34105

SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Prior to versions 5.0.157, 5.0-b1, and 6.0.48, SRS's api-server server is vulnerable to a drive-by command injection. An attacker may send a request to the /api/v1/snapshots endpoint containing an...

7.5CVSS6AI score0.0876EPSS
In wildExploits1References102
RedhatCVE
RedhatCVE
added 2025/05/23 3:55 a.m.9 views

CVE-2023-34105

SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Prior to versions 5.0.157, 5.0-b1, and 6.0.48, SRS's api-server server is vulnerable to a drive-by command injection. An attacker may send a request to the /api/v1/snapshots endpoint containing an...

7.5CVSS8AI score0.0876EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:12 p.m.6 views

CVE-2020-8145

The UniFi Video Server Windows web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLICGROUP or CUSTOMGROUP groups, can access these endpoints and overwrite the current...

6.5CVSS6.8AI score0.01121EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:56 p.m.7 views

CVE-2020-8144

The UniFi Video Server v3.9.3 and prior for Windows 7/8/10 x64 web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware...

8.4CVSS6.9AI score0.00748EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/14 4:0 a.m.8 views

CVE-2024-33250

An issue in Open-Source Technology Committee SRS real-time video server RS/4.0.268Leo and SRS/4.0.195Leo allows a remote attacker to execute arbitrary code via a crafted request...

7.2CVSS7.8AI score0.00671EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:11 p.m.10 views

CVE-2019-19298

A vulnerability has been identified in SiNVR/SiVMS Video Server All versions = V5.0.0 V5.0.2. The streaming service default port 5410/tcp of the SiVMS/SiNVR Video Server contains a input validation vulnerability, that could allow an unauthenticated remote attacker to cause a Denial-of-Service...

7.5CVSS6.9AI score0.01864EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:10 p.m.8 views

CVE-2019-19297

A vulnerability has been identified in SiNVR/SiVMS Video Server All versions V5.0.0. The streaming service default port 5410/tcp of the SiVMS/SiNVR Video Server contains a path traversal vulnerability, that could allow an unauthenticated remote attacker to access and download arbitrary files from...

7.5CVSS7AI score0.02735EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:7 a.m.7 views

CVE-2024-29882

SRS is a simple, high-efficiency, real-time video server. SRS's /api/v1/vhosts/vid-?callback= endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS Cross-Site Scripting. This vulnerability is fixed in 5.0.210 and 6.0.121...

7.2CVSS6.5AI score0.01086EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.3 views

SRS 安全漏洞

SRS is a simple, efficient, real-time video server from SRS Open Source. A security vulnerability exists in Simple Realtime Server that stems from allowing a remote attacker to execute arbitrary code via a crafted request...

7.2CVSS7.7AI score0.00671EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/13 3:46 p.m.24 views

CVE-2024-33250

An issue in Open-Source Technology Committee SRS real-time video server RS/4.0.268Leo and SRS/4.0.195Leo allows a remote attacker to execute arbitrary code via a crafted request...

7.8AI score0.00671EPSS
Exploits0References1
NVD
NVD
added 2024/03/28 2:15 p.m.15 views

CVE-2024-29882

SRS is a simple, high-efficiency, real-time video server. SRS's /api/v1/vhosts/vid-?callback= endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS Cross-Site Scripting. This vulnerability is fixed in 5.0.210 and 6.0.121...

7.2CVSS6.6AI score0.01086EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/03/28 1:33 p.m.11 views

CVE-2024-29882 SRS DOM - XSS on JSONP callback

SRS is a simple, high-efficiency, real-time video server. SRS's /api/v1/vhosts/vid-?callback= endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS Cross-Site Scripting. This vulnerability is fixed in 5.0.210 and 6.0.121...

7.2CVSS5.9AI score0.01086EPSS
Exploits1References2
CVE
CVE
added 2024/03/28 1:33 p.m.88 views

CVE-2024-29882

CVE-2024-29882 affects SRS (simple, high-efficiency real-time video server). The vulnerability lies in the /api/v1/vhosts/vid-?callback= endpoint, where the callback name was not filtered, enabling injection of malicious JavaScript and XSS. Multiple connected sources corroborate that the issue ma...

7.2CVSS6.6AI score0.01086EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/03/28 1:33 p.m.17 views

CVE-2024-29882 SRS DOM - XSS on JSONP callback

SRS is a simple, high-efficiency, real-time video server. SRS's /api/v1/vhosts/vid-?callback= endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS Cross-Site Scripting. This vulnerability is fixed in 5.0.210 and 6.0.121...

7.2CVSS6.5AI score0.01086EPSS
Exploits1References4
Prion
Prion
added 2023/11/15 8:15 p.m.19 views

Race condition

The Gotham video-application-server service contained a race condition which would cause it to not apply certain acls new videos if the source system had not yet initialized...

2.6CVSS7AI score0.003EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/11/15 12:0 a.m.3 views

Palantir Gotham video-application-server security vulnerability

Palantir Gotham is a commercially available, artificial intelligence-enabled operating system from US-based Palantir. A security vulnerability exists in the Palantir Gotham video-application-server, which stems from the inclusion of a contention condition that would result in the inability to app...

3.7CVSS6.8AI score0.003EPSS
Exploits0References2
OSV
OSV
added 2023/06/28 3:15 p.m.6 views

CVE-2023-20192

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: "Cis...

7.7CVSS5.8AI score0.00656EPSS
Exploits0References1
NVD
NVD
added 2023/06/12 5:15 p.m.50 views

CVE-2023-34105

SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Prior to versions 5.0.157, 5.0-b1, and 6.0.48, SRS's api-server server is vulnerable to a drive-by command injection. An attacker may send a request to the /api/v1/snapshots endpoint containing an...

7.5CVSS8.2AI score0.0876EPSS
Exploits1References3
Prion
Prion
added 2023/06/12 5:15 p.m.14 views

Command injection

SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Prior to versions 5.0.157, 5.0-b1, and 6.0.48, SRS's api-server server is vulnerable to a drive-by command injection. An attacker may send a request to the /api/v1/snapshots endpoint containing an...

5.1CVSS8.2AI score0.0876EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder