CVE-2025-69988

BS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect Access Control. An unauthenticated attacker in physical proximity can associate with this open network. Once connected, the attacker gains access to the camera's private network interface and can retrieve sensitive information, including...

CVE-2025-69986

A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of LSC Indoor Camera V7.6.32. The application fails to validate the length of the Protocol parameter inside the Transport element. By sending a specially crafted SOAP request containing an oversized protocol string, an...

CVE-2025-69986

A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of LSC Indoor Camera V7.6.32. The application fails to validate the length of the Protocol parameter inside the Transport element. By sending a specially crafted SOAP request containing an oversized protocol string, an...

LSC Smart Connect Indoor IP Camera 安全漏洞

LSC Smart Connect Indoor IP Camera is a camera driver developed by LSC Smart Connect. Version 7.6.32 of the LSC Indoor Camera contains a security vulnerability. This vulnerability stems from the lack of verification of the length of the Protocol parameter within the Transport element. It may lead...

PT-2026-28304

Name of the Vulnerable Software and Affected Versions LSC Indoor Camera version 7.6.32 Description A buffer overflow issue exists in the ONVIF GetStreamUri function. The application does not properly check the length of the Protocol parameter within the Transport element. An attacker can exploit...

CVE-2026-29055

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the image processing pipeline in Tandoor Recipes explicitly skips EXIF metadata stripping, image rescaling, and size validation for WebP and GIF image formats. A...

CVE-2026-29055

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the image processing pipeline in Tandoor Recipes explicitly skips EXIF metadata stripping, image rescaling, and size validation for WebP and GIF image formats. A...

CVE-2026-33470 Frigate has cross-camera snapshot disclosure via unrestricted timeline IDs and missing authorization in /api/events/{event_id}/snapshot-clean.webp

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possible through a chain of two authorization problems: /api/timeline return...

CVE-2026-33470

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possible through a chain of two authorization problems: /api/timeline return...

CVE-2026-33470

Frigate NVR (version 0.17.0) contains an authorization flaw that lets a low-privileged, authenticated user access snapshots from cameras they are not authorized to view. The chain involves: (1) /api/timeline returning timeline entries for cameras outside the caller’s allowed set, and (2) /api/eve...

CVE-2026-33470 Frigate has cross-camera snapshot disclosure via unrestricted timeline IDs and missing authorization in /api/events/{event_id}/snapshot-clean.webp

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possible through a chain of two authorization problems: /api/timeline return...

CVE-2026-33469

Frigate (NVR) vulnerability CVE-2026-33469 affects version 0.17.0: an authenticated non-admin user can access the full unredacted configuration via /api/config/raw, exposing secrets (camera credentials, go2rtc stream credentials, MQTT passwords, proxy secrets, and other config.yml data). The issu...

CVE-2026-4476

A vulnerability was found in Yi Technology YI Home Camera 2 2.1.120171024151200. The impacted element is an unknown function of the file home/web/ipc of the component CGI Endpoint. Performing a manipulation results in missing authentication. Access to the local network is required for this attack...

CVE-2026-4477

A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.120171024151200. This affects an unknown function of the component WPA/WPS. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack can only be done within the local network. This attack is...

CVE-2024-51347

A buffer overflow vulnerability in the dgiot binary in LSC Smart Indoor IP Camera V7.6.32. The flaw exists in the handling of the Time Zone TZ parameter within the ONVIF configuration interface. The time zone TZ parameter does not have its length properly validated before being copied into a...

CVE-2026-4478

A vulnerability was identified in Yi Technology YI Home Camera 2 2.1.120171024151200. This impacts an unknown function of the file home/web/ipc of the component HTTP Firmware Update Handler. The manipulation leads to improper verification of cryptographic signature. The attack is possible to be...

CVE-2026-4475

A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.120171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The exploit has been...

Frigate 安全漏洞

Frigate is a complete native NVR developed by Blake Blackshear, designed specifically for home assistants with AI object detection capabilities. Version 0.17.0 of Frigate contains a security vulnerability caused by an authorization chain issue, which may allow low-privilege users to access...

EUVD-2024-55500

A buffer overflow vulnerability in the dgiot binary in LSC Smart Indoor IP Camera V7.6.32. The flaw exists in the handling of the Time Zone TZ parameter within the ONVIF configuration interface. The time zone TZ parameter does not have its length properly validated before being copied into a...

CVE-2024-51347

A buffer overflow vulnerability in the dgiot binary in LSC Smart Indoor IP Camera V7.6.32. The flaw exists in the handling of the Time Zone TZ parameter within the ONVIF configuration interface. The time zone TZ parameter does not have its length properly validated before being copied into a...