CVE-2025-43450

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to learn information about the current camera view before being granted camera access...

CVE-2025-43450

CVE-2025-43450 describes a logic issue in Apple iOS/iPadOS where an app may learn information about the current camera view before being granted camera access. The issue is fixed in iOS 18.7.2 / iPadOS 18.7.2 and in iOS 26.1 / iPadOS 26.1. Affected products: iPhone XS and later, iPad Pro models, ...

CVE-2025-54323

Summary: CVE-2025-54323 describes an information leakage due to improper debug printing in the camera of Samsung Mobile Processor Exynos SoCs (980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580). Affected components/versions: Samsung Exynos camera functionality across listed proc...

PT-2025-45019

Name of the Vulnerable Software and Affected Versions Samsung Mobile Processor Exynos versions 980 through 990 Samsung Mobile Processor Exynos version 850 Samsung Mobile Processor Exynos versions 1080 through 1280 Samsung Mobile Processor Exynos versions 1330 through 1380 Samsung Mobile Processor...

CVE-2025-54323

An issue was discovered in the camera in Samsung Mobile Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, and 1580. Improper debug printing leads to information leakage...

CVE-2025-54323

An issue was discovered in the camera in Samsung Mobile Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, and 1580. Improper debug printing leads to information leakage...

PT-2025-44884

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An app may be able to learn information about the current camera view before being granted camera access...

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS prior to version 26.1 and Apple iPadOS prior to version 26.1, which stem...

PT-2025-45029

Name of the Vulnerable Software and Affected Versions Survision LPR Camera system affected versions not specified Description The Survision LPR Camera system lacks default password protection. This allows immediate access to the configuration wizard without requiring a login or checking...

motionEye vulnerable to RCE via unsanitized motion config parameter

Summary A command injection vulnerability in MotionEye allows attackers to achieve Remote Code Execution RCE by supplying malicious values in configuration fields exposed via the Web UI. Because MotionEye writes user-supplied values directly into Motion configuration files without sanitization,...

CVE-2025-12351

CVE-2025-12351 affects Honeywell S35 Series Cameras. The issue is an authorization bypass via the User controller key that could enable privilege escalation to admin-level functionalities. Affected products are S35 Pinhole/Kit Camera (versions prior to 2025.08.28), S35 AI Fisheye & Dual Sensor/Mi...

Louvre Jewel Heist

I assume I don't have to explain last week's Louvre jewel heist. I love a good caper, and have like many others eagerly followed the details. An electric ladder to a second-floor window, an angle grinder to get into the room and the display cases, security guards there more to protect patrons tha...

Honeywell S35 Series 安全漏洞

Honeywell S35 Series is a series of cameras from Honeywell USA. A security vulnerability exists in the Honeywell S35 Series that stems from an authorization bypass of the user controller key, which could result in elevated privileges...

CVE-2025-56438

An issue in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82 allows unauthenticated and physically proximate attackers to escalate privileges to root via supplying a crafted update.tar archive file stored on a FAT32-formatted SD card...

EUVD-2025-35857

An issue in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82 allows unauthenticated and physically proximate attackers to escalate privileges to root via supplying a crafted update.tar archive file stored on a FAT32-formatted SD card...

CVE-2025-53701

Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS Cross-site Scripting attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.1...

CVE-2025-53702

Vilar VS-IPC1002 IP cameras are vulnerable to DoS Denial-of-Service attacks. An unauthenticated attacker on the same local network might send a crafted request to /cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required. The vendor did not...

CVE-2025-56438

The CVE describes a vulnerability in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82. The issue allows unauthenticated, physically proximate attackers to escalate privileges to root by supplying a crafted update.tar file stored on a FAT32 SD card. Affected component: firmwa...

CVE-2025-56438

An issue in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82 allows unauthenticated and physically proximate attackers to escalate privileges to root via supplying a crafted update.tar archive file stored on a FAT32-formatted SD card...

CVE-2025-53701 XSS vulnerability in Vilar VS-IPC1002 IP cameras

Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS Cross-site Scripting attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.1...