Vivotek IP7137 访问控制错误漏洞

The Vivotek IP7137 is an IP camera from China's VIVOTEK Communications Vivotek. An access control error vulnerability exists in the Vivotek IP7137 version 0200a, which originates from accessing the live camera feed via the RTSP protocol without authentication, which could lead to information...

CVE-2025-62721

LinkAce (self-hosted archive for website links) is affected by CVE-2025-62721. In versions ≤ 2.3.1, the authenticated RSS feed endpoints in the FeedController lack proper authorization, allowing any authenticated user to access all links, lists, and tags across all users. The issue is fixed in ve...

CVE-2025-54591 FreshRSS: Unauthenticated users can view default user's information

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below expose information about feeds and tags of default admin users, due to lack of access checking in the FreshRSSAuth::hasAccess function used by some of the tag/feed related endpoints. FreshRSS controllers usually have a...

CVE-2022-37255

TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603...