EUVD-2025-19631

Malicious code in bioql PyPI...

CVE-2025-34054

AVTECH DVR devices are affected by CVE-2025-34054, an unauthenticated command injection via Search.cgi?action=cgi_query. The vulnerability stems from using wget without input sanitization, allowing an attacker to inject shell commands through the username or queryb64str parameters and execute the...

CVE-2025-34054 AVTECH IP camera, DVR, and NVR Devices Unauthenticated Command Injection

An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgiquery. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence wa...

CVE-2025-34051

CVE-2025-34051 describes a server-side request forgery in AVTECH DVR devices. The unauthenticated vulnerability targets /cgi-bin/nobody/Search.cgi?action=cgi_query and lets an attacker supply ip, port, and queryb64str to force the DVR to perform arbitrary HTTP requests, potentially leaking data o...

PT-2025-27539 · Avtech · Avtech Dvr +2

Name of the Vulnerable Software and Affected Versions: AVTECH DVR, NVR, and IP camera devices affected versions not specified Description: An OS command injection issue exists within the "adcommand.cgi" endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the...

PT-2025-27538

Name of the Vulnerable Software and Affected Versions: AVTECH DVR devices affected versions not specified Description: An unauthenticated command injection issue exists in AVTECH DVR devices. This is due to the lack of input sanitization when using wget in the "Search.cgi?action=cgi query"...