CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

796 matches found

CVE-2026-12847

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

10CVSS6.2AI score

Exploits0References2

Nuclei•added yesterday•15 views

QVIS NVR/DVR - Remote Code Execution

QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization. id: CVE-2021-41419 info: name: QVIS NVR/DVR - Remote Code Execution author: me9187 severity: critical description: | QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java...

9.8CVSS7.4AI score0.06812EPSS

Exploits1References2

Nuclei•added yesterday•504 views

Argus Surveillance DVR 4.0.0.0 - Local File Inclusion

Argus Surveillance DVR 4.0.0.0 devices allow unauthenticated local file inclusion, leading to file disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter. id: CVE-2018-15745 info: name: Argus Surveillance DVR 4.0.0.0 - Local File Inclusion author: gy741 severity: high description: |...

7.5CVSS7.1AI score0.97709EPSS

Exploits4References5

Nuclei•added 2 days ago•78 views

TVT DVR Sensitive Device - Information Disclosure

A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5LMM and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. id: CVE-2024-7339...

6.9CVSS5.1AI score0.32028EPSS

Exploits2References5

GithubExploit•added 2026/05/26 12:57 p.m.•70 views

Exploit for CVE-2020-25078

ABYSS C2 — HiSilicon DVR Exploit Framework ⚠️ EDUCATIONAL...

7.5CVSS7.6AI score0.97901EPSS

Exploits4

NVD•added 2026/05/10 1:16 p.m.•5 views

CVE-2021-47945

Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the Program Files directory to be executed with LocalSystem...

8.5CVSS0.00109EPSS

Exploits0References2

Vulnrichment•added 2026/05/10 12:44 p.m.•10 views

CVE-2021-47945 Argus Surveillance DVR 4.0 Unquoted Service Path Privilege Escalation

8.5CVSS5.8AI score0.00109EPSS

Exploits0References2

ATTACKERKB•added 2026/05/10 12:44 p.m.•13 views

CVE-2021-47945

8.5CVSS5.8AI score0.00109EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/10 12:44 p.m.•33 views

CVE-2021-47945 Argus Surveillance DVR 4.0 Unquoted Service Path Privilege Escalation

8.5CVSS0.00109EPSS

Exploits0References2

Positive Technologies•added 2026/05/10 12:0 a.m.•6 views

PT-2026-39519

8.5CVSS5.8AI score0.00109EPSS

Exploits0References3

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: A possible memory leak has been fixed in stmmacdvrprobe. The bitmapfree function should be called to release priv-afxdpzcqps when createsinglethreadworkqueue fails. Otherwise, a memory leak will occur. Therefore, we...

5.2AI score0.002EPSS

Exploits0References1

RedhatCVE•added 2026/03/30 5:6 p.m.•3 views

CVE-2026-34005

In Sofia on Xiongmai DVR/NVR AHB7008T-MH-V2 and NBD7024H-P 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol TCP port 34567 request to the NetWork.NetCommon configuration handler, because system is used...

8.8CVSS5.9AI score0.01539EPSS

Exploits0References1

ATTACKERKB•added 2026/03/29 5:2 p.m.•2 views

CVE-2026-34005

8.8CVSS5.9AI score0.01539EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/03/29 5:2 p.m.•2 views

CVE-2026-34005

8.8CVSS5.9AI score0.01539EPSS

Exploits0References2

RedhatCVE•added 2026/03/26 3:3 p.m.•3 views

CVE-2026-23667

Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally...

7CVSS5.8AI score0.00299EPSS

Exploits0References1

OSV•added 2026/03/23 1:51 p.m.•3 views

CVE-2026-33351 AVideo has Unauthenticated SSRF via `webSiteRootURL` Parameter in saveDVR.json.php, Chaining to Verification Bypass

WWBN AVideo is an open source video platform. Prior to version 26.0, a Server-Side Request Forgery SSRF vulnerability exists in plugin/Live/standAloneFiles/saveDVR.json.php. When the AVideo Live plugin is deployed in standalone mode the intended configuration for this file, the...

9.1CVSS5.9AI score0.00431EPSS

Exploits1References4

Snyk•added 2026/03/19 7:13 p.m.•4 views

Server-side Request Forgery (SSRF)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webSiteRootURL parameter in the saveDVR.json.php endpoint. An attacker can cause the server to make arbitrary HTTP request...

9.1CVSS5.9AI score0.00431EPSS

Exploits1References2

SUSE CVE•added 2026/03/19 12:27 a.m.•2 views

SUSE CVE-2026-23253

In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: fix wrong reinitialization of ringbuffer on reopen dvbdvropen calls dvbringbufferinit when a new reader opens the DVR device. dvbringbufferinit calls initwaitqueuehead, which reinitializes the waitqueue list head...

5.5CVSS5.8AI score0.00129EPSS

Exploits0References16