Lucene search
+L

7707 matches found

Nuclei
Nuclei
added 9 hours ago75 views

Reolink E1 Zoom Camera <=3.0.0.716 - Information Disclosure

Reolink E1 Zoom camera through 3.0.0.716 is susceptible to information disclosure. The web server discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. An attacker with network-level access to the camera can can download the entire NGINX/FastCGI...

7.5CVSS7.5AI score0.03643EPSS
Exploits4References5
Nuclei
Nuclei
added 9 hours ago80 views

Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure

Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key RSA disclosure vulnerability. id: CVE-2021-40149 info: name: Reolink E1 Zoom Camera =3.0.0.716 - Private Key Disclosure author: For3stCo1d severity: medium description: | Reolink E1 Zoom Camera versions 3.0.0.716 and...

5.9CVSS6.9AI score0.07443EPSS
Exploits4References5
Nuclei
Nuclei
added 9 hours ago20 views

Tattile Camera < 1.181.5 - Default Login

Tattile Smart+, Vega, and Basic device families firmware = 1.181.5 contain a broken authentication caused by default credentials not forced to be changed, letting attackers with management interface access gain administrative privileges. id: CVE-2026-26341 info: name: Tattile Camera 1.181.5 -...

9.8CVSS5.2AI score0.02663EPSS
Exploits3References1
Nuclei
Nuclei
added 9 hours ago22 views

BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure

Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability caused by improper validation of the 'READ.filePath' parameter in fileread script and SendCGICMD API, letting authenticated attackers read arbitrary system files. id: CVE-2019-25246 info: name: BEWARD...

8.8CVSS5.4AI score0.17393EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago29 views

NUUO Camera <=20250203 - OS Command Injection

NUUO Camera up to 20250203 contains a command injection caused by manipulation of the 'log' argument in /handleconfig.php, letting remote attackers execute arbitrary commands, exploit requires remote access. id: CVE-2025-1338 info: name: NUUO Camera =20250203 - OS Command Injection author: Ark...

7.5CVSS7.8AI score0.51091EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago81 views

Camtron CMNC-200 IP Camera - Directory Traversal

The CMNC-200 IP Camera has a built-in web server that is vulnerable to directory transversal attacks, allowing access to any file on the camera file system. id: CVE-2010-4231 info: name: Camtron CMNC-200 IP Camera - Directory Traversal author: daffainfo severity: high description: The CMNC-200 IP...

7.8CVSS8.4AI score0.09542EPSS
Exploits5References5
Nuclei
Nuclei
added 9 hours ago30 views

Genie Access WIP3BVAF IP Camera - Local File Inclusion

Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.X are vulnerable to local file inclusion via the web interface, as demonstrated by reading /etc/shadow. id: CVE-2019-7315 info: name: Genie Access WIP3BVAF IP Camera - Local File Inclusion author: 0xAkoko severity: hi...

7.5CVSS7.5AI score0.11198EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago29 views

SV3C HD Camera L Series - Open Redirect

SV3C HD Camera L Series 2.3.4.2103-S50-NTD-B20170508B and 2.3.4.2103-S50-NTD-B20170823B contains an open redirect vulnerability. It does not perform origin checks on URLs in the camera's web interface, which can be leveraged to send a user to an unexpected endpoint. An attacker can possibly obtai...

6.1CVSS6.3AI score0.03125EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday53 views

VelotiSmart Wifi - Directory Traversal

VelotiSmart WiFi B-380 camera devices allow directory traversal via the uc-http service 1.0.0, as demonstrated by /../../etc/passwd on TCP port 80. id: CVE-2018-14064 info: name: VelotiSmart Wifi - Directory Traversal author: 0xAkoko severity: critical description: VelotiSmart WiFi B-380 camera...

9.8CVSS8.4AI score0.3757EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday85 views

HD-Network Realtime Monitoring System 2.0 - Local File Inclusion

Instances of HD-Network Realtime Monitoring System version 2.0 are vulnerable to a Local File Inclusion vulnerability which allows remote unauthenticated attackers to view confidential information. id: CVE-2021-45043 info: name: HD-Network Realtime Monitoring System 2.0 - Local File Inclusion...

7.5CVSS7.4AI score0.33133EPSS
Exploits1References5
Malwarebytes
Malwarebytes
added 2 days ago7 views

Shark vacuum flaw exposes cameras, home maps and Wi-Fi passwords

Shark’s cloud-connected robot vacuums are currently exposed by an unpatched AWS Amazon Web Services IoT Internet of Things policy flaw that could turn one compromised device into a remote-control skeleton key for many others in the same region, with access to cameras, maps, and Wi‑Fi passwords. A...

6AI score
Exploits0
Nuclei
Nuclei
added 2 days ago275 views

ZoneMinder Snapshots - Command Injection

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras.Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the...

9.8CVSS7.9AI score0.80462EPSS
Exploits11References5
Nuclei
Nuclei
added 2 days ago67 views

Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion

Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. encoded dot dot or an absolute pathname in the nextfile parameter. id: CVE-2009-1558 info: name: Cisco Linksys WVC54GCA 1.00R22/1.00R...

7.8CVSS5.5AI score0.28806EPSS
Exploits1References5
Nuclei
Nuclei
added 3 days ago118 views

D-Link DCS-2530L/DCS-2670L - Administrator Password Disclosure

D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices are vulnerable to password disclosures vulnerabilities because the /config/getuser endpoint allows for remote administrator password disclosure. id: CVE-2020-25078 info: name: D-Link DCS-2530L/DCS-2670L - Administrator...

7.5CVSS7.1AI score0.97901EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 3 days ago7 views

Google Chrome < 150.0.7871.128 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 150.0.7871.128. It is, therefore, affected by multiple vulnerabilities as referenced in the 202607stable-channel-update-for-desktop049796704 advisory. - Use after free in Aura. CVE-2026-15905 - Use after free in...

5.4AI score
Exploits0References15
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-43546

Lorex 2K Indoor Wi-Fi Security Camera CDeviceOperator Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication is not required to exploit th...

7.5CVSS7.3AI score0.0026EPSS
Exploits0References2
NVD
NVD
added 6 days ago9 views

CVE-2026-15683

Lorex 2K Indoor Wi-Fi Security Camera Device Management Server Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. User interaction is not required to...

7.5CVSS0.00096EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-15680 Lorex 2K Indoor Wi-Fi Security Camera CDeviceOperator Format String Remote Code Execution Vulnerability

Lorex 2K Indoor Wi-Fi Security Camera CDeviceOperator Format String Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication is not required to exploit th...

7.5CVSS0.0026EPSS
Exploits0References1
CVE
CVE
added 6 days ago8 views

CVE-2026-15680

CVE-2026-15680 affects Lorex 2K Indoor Wi‑Fi Security Camera. The vulnerability is in the sonia binary’s JSON request parsing, where lack of validation of a user‑supplied string used as a format specifier can allow a network‑adjacent attacker to execute arbitrary code with root privileges. Authen...

7.5CVSS7.3AI score0.0026EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-15683 Lorex 2K Indoor Wi-Fi Security Camera Device Management Server Improper Certificate Validation Vulnerability

Lorex 2K Indoor Wi-Fi Security Camera Device Management Server Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. User interaction is not required to...

7.5CVSS0.00096EPSS
Exploits0References1
Rows per page
Query Builder