CVE-2025-47387 Untrusted Pointer Dereference in Camera

Memory Corruption when processing IOCTLs for JPEG data without verification...

CVE-2025-47387

CVE-2025-47387 relates to memory corruption when processing unverified JPEG IOCTL data in Qualcomm embedded platform firmware. The issue affects the IOCTL path handling JPEG data, caused by unverified input leading to memory corruption with potential for impact on confidentiality, integrity, and ...

Allsky Camera 安全漏洞

Allsky Camera is an Allsky open source camera system for photographing and monitoring the entire sky. A security vulnerability exists in Allsky Camera version v2024.12.0606, which originates from path traversal and could lead to arbitrary command execution...

Ningyuanda TC155 安全漏洞

Ningyuanda TC155 is an IP camera from the Chinese company Ningyuanda. A security vulnerability exists in Ningyuanda TC155 version 57.0.2.0, which originates from improper operation of the RTSP service component and may result in a denial of service...

Ningyuanda TC155 访问控制错误漏洞

The Ningyuanda TC155 is an IP camera from the Chinese company Ningyuanda. An access control error vulnerability exists in the Ningyuanda TC155 version 57.0.2.0, which stems from improper access control of the ONVIF PTZ control interface component, which could lead to unauthorized access...

Ningyuanda TC155 访问控制错误漏洞

The Ningyuanda TC155 is an IP camera from the Chinese company Ningyuanda. An access control error vulnerability exists in the Ningyuanda TC155 version 57.0.2.0, which stems from improper access control of the ONVIF Device Management Service component, which could lead to unauthorized access...

Friday Squid Blogging: Giant Squid Eating a Diamondback Squid

I have no context for this video--it's from Reddit--but one of the commenters adds some context: Hey everyone, squid biologist here! Wanted to add some stuff you might find interesting. With so many people carrying around cameras, we're getting more videos of giant squid at the surface than in...

CVE-2025-36889

In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-36889

In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-36889

In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-36889

In onCreateTasks of CameraActivity.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-36889

CVE-2025-36889 is a local information-disclosure vulnerability affecting Google Pixel devices in the Camera2 path. The issue arises in onCreateTasks of CameraActivity.java where a permission bypass due to a confused deputy could allow information disclosure without requiring additional execution ...

CVE-2025-13607

A malicious actor can access camera configuration information, including account credentials, without authenticating when accessing a vulnerable URL...

New ‘DroidLock’ Android Malware Locks Users Out, Spies via Front Camera

Zimperium zLabs reveals DroidLock, a new Android malware acting like ransomware that can hijack Android devices, steal credentials via phishing, and stream your screen via VNC...

CVE-2025-65295

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated...

EUVD-2025-202636

NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.60027, Hub M3 4.3.60025, and Camera Hub G3 4.1.90027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs...

EUVD-2025-202608

Command injection vulnerabilities in Aqara Camera Hub G3 4.1.90027 allow attackers to execute arbitrary commands with root privileges through malicious QR codes during device setup and factory reset...

EUVD-2025-202609

Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 allows attackers to execute arbitrary commands with root privileges through malicious domain names...

EUVD-2025-202635

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...

EUVD-2025-202606

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...