Lucene search
K

25 matches found

NVD
NVD
added 6 days ago7 views

CVE-2026-54652

Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/service endpoint allows any authenticated user including the viewer role to download Frigate and nginx logs, exposing auto-generated admin passwords and camera credentials logged in request query strings and...

8.1CVSS0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-54652 Frigate viewer can read logs exposing admin and camera credentials

Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/service endpoint allows any authenticated user including the viewer role to download Frigate and nginx logs, exposing auto-generated admin passwords and camera credentials logged in request query strings and...

8.1CVSS0.00231EPSS
Exploits0References3
CVE
CVE
added 6 days ago10 views

CVE-2026-54652

Frigate (v0.17.1) exposes credentials via GET /api/logs/{service} for authenticated users including viewer role, allowing download of Frigate and nginx logs that contain admin passwords and camera credentials in query strings. Root cause: log exposure through an endpoint access with insufficient ...

8.1CVSS5.9AI score0.00231EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42287

Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/service endpoint allows any authenticated user including the viewer role to download Frigate and nginx logs, exposing auto-generated admin passwords and camera credentials logged in request query strings and...

8.1CVSS5.9AI score0.00231EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 11:16 a.m.9 views

CVE-2026-57473

A vulnerability exists in the netclient and factory services of Reolink Home Hub versions prior to v3.3.0.45626031911 due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated...

5.8CVSS0.00145EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 10:47 a.m.35 views

CVE-2026-57473

A vulnerability exists in the netclient and factory services of Reolink Home Hub versions prior to v3.3.0.45626031911 due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated...

5.8CVSS0.00145EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 10:47 a.m.8 views

CVE-2026-57473

A vulnerability exists in the netclient and factory services of Reolink Home Hub versions prior to v3.3.0.45626031911 due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated...

5.8CVSS5.8AI score0.00145EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 10:47 a.m.25 views

CVE-2026-57473

The CVE affects Reolink Home Hub netclient and factory services, prior to v3.3.0.456_26031911. The issue enables brute-force credential cracking on the local network, allowing an attacker on the same LAN to intercept traffic between the Hub and connected cameras and compromise camera credentials....

5.8CVSS5.8AI score0.00145EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 9:16 p.m.9 views

CVE-2026-32315

motionEye mEye is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contains...

5.5CVSS0.02902EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 8:45 p.m.13 views

CVE-2026-32315

motionEye prior to 0.44.0 creates /etc/motioneye/motion.conf with 644 permissions (-rw-r--r--) and per-camera camera-.conf with identical permissions, making the admin password hash and camera credentials readable by any local user. The SHA1 admin password hash can be cracked offline to plaintext...

5.5CVSS5.8AI score0.02902EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 8:45 p.m.17 views

CVE-2026-32315 motionEye: World-Readable Configuration File Exposes Admin Password Hash

motionEye mEye is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contains...

5.5CVSS0.02902EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/20 2:53 p.m.45 views

CVE-2026-8598 Unauthenticated Export Service in ZKTeco CCTV Cameras

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials...

9.1CVSS0.00507EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/20 2:53 p.m.10 views

CVE-2026-8598 Unauthenticated Export Service in ZKTeco CCTV Cameras

An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials...

9.1CVSS5.8AI score0.00507EPSS
Exploits0References3
ICS
ICS
added 2026/05/19 4:0 a.m.19 views

ZKTeco CCTV Cameras

ADVISORY SUMMARY Successful exploitation of this vulnerability could result in information disclosure, including capture of camera account credentials. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize...

9.1CVSS5.8AI score0.00507EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.16 views

PT-2026-42011

Name of the Vulnerable Software and Affected Versions ZKTeco CCTV cameras affected versions not specified Description An issue exists in ZKTeco CCTV cameras that allows unauthenticated users to export configuration data, which leads to the exposure of administrator credentials. Recommendations...

9.1CVSS5.8AI score0.00507EPSS
Exploits0References8
CVE
CVE
added 2026/03/26 5:5 p.m.16 views

CVE-2026-33469

Frigate (NVR) vulnerability CVE-2026-33469 affects version 0.17.0: an authenticated non-admin user can access the full unredacted configuration via /api/config/raw, exposing secrets (camera credentials, go2rtc stream credentials, MQTT passwords, proxy secrets, and other config.yml data). The issu...

6.5CVSS5.8AI score0.00246EPSS
Exploits1References1Affected Software1
ICS
ICS
added 2025/12/09 6:0 a.m.10 views

Multiple India-based CCTV Cameras (Update A)**

RISK EVALUATION Successful exploitation of this vulnerability could result in information disclosure including capture of camera account credentials. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...

9.4CVSS7.6AI score0.00778EPSS
Exploits0References11
ICS
ICS
added 2025/11/06 7:0 a.m.8 views

Ubia Ubox (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely view camera feeds or modify settings. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

7.1CVSS5.5AI score0.0025EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/21 5:24 p.m.8 views

EUVD-2025-35202

The CloudEdge Cloud does not sanitize the MQTT topic input, which could allow an attacker to leverage the MQTT wildcard to receive all the messages that should be delivered to other users by subscribing to the a MQTT topic. In these messages, the attacker can obtain the credentials and key...

8.7CVSS6.1AI score0.00296EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 10:38 a.m.8 views

CVE-2024-12569

Disclosure of sensitive information in a Milestone XProtect Device Pack driver’s log file for third-party cameras, allows an attacker to read camera credentials stored in the Recording Server under specific conditions...

7.8CVSS6AI score0.00145EPSS
Exploits0References1
Rows per page
Query Builder