Lucene search
K

156 matches found

Nuclei
Nuclei
added 5 hours ago141 views

Frigate < 0.13.0 Beta 3 - Cross-Site Scripting

Frigate is an open source network video recorder. Before version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the / base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both kn...

4.7CVSS6.2AI score0.01425EPSS
Exploits1References3
NVD
NVD
added 6 days ago7 views

CVE-2026-54652

Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/service endpoint allows any authenticated user including the viewer role to download Frigate and nginx logs, exposing auto-generated admin passwords and camera credentials logged in request query strings and...

8.1CVSS0.00231EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-54652 Frigate viewer can read logs exposing admin and camera credentials

Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/service endpoint allows any authenticated user including the viewer role to download Frigate and nginx logs, exposing auto-generated admin passwords and camera credentials logged in request query strings and...

8.1CVSS0.00231EPSS
Exploits0References3
CVE
CVE
added 6 days ago10 views

CVE-2026-54652

Frigate (v0.17.1) exposes credentials via GET /api/logs/{service} for authenticated users including viewer role, allowing download of Frigate and nginx logs that contain admin passwords and camera credentials in query strings. Root cause: log exposure through an endpoint access with insufficient ...

8.1CVSS5.9AI score0.00231EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42287

Frigate is an open source network video recorder. In version 0.17.1, the GET /api/logs/service endpoint allows any authenticated user including the viewer role to download Frigate and nginx logs, exposing auto-generated admin passwords and camera credentials logged in request query strings and...

8.1CVSS5.9AI score0.00231EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.4 views

PYSEC-2026-342 Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service

Important: Exploiting this vulnerability requires the attacker to have access to your Frigate instance, which means they could also just delete all of your recordings or perform any other action. If you have configured authentication in front of Frigate via a reverse proxy, then this vulnerabilit...

9.3CVSS5.8AI score0.00767EPSS
Exploits0References12
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.74 views

📄 Frigate NVR 0.16.3 Remote Code Execution

Frigate NVR version 0.16.3 proof of concept remote code execution exploit written in Python. Exploit Title: Frigate NVR 0.16.3 - Remote Code Execution Date: 2026-02-05 Exploit Author: jduardo2704 Vendor Homepage: https://frigate.video/ Software Link: https://github.com/blakeblackshear/frigate...

9.1CVSS6.4AI score0.02874EPSS
Exploits8
Exploit DB
Exploit DB
added 2026/04/30 12:0 a.m.74 views

Frigate NVR 0.16.3 - Remote Code Execution

Exploit Title: Frigate NVR 0.16.3 - Remote Code Execution Date: 2026-02-05 Exploit Author: jduardo2704 Vendor Homepage: https://frigate.video/ Software Link: https://github.com/blakeblackshear/frigate Version: = 0.16.3 Tested on: Linux / Docker CVE: CVE-2026-25643 Advisory:...

9.1CVSS5.2AI score0.02874EPSS
Exploits8
RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.4 views

CVE-2026-33470

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possible through a chain of two authorization problems: /api/timeline return...

6.5CVSS5.9AI score0.00305EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/27 5:9 p.m.4 views

CVE-2026-33469

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, an authenticated non-admin user can retrieve the full raw Frigate configuration through /api/config/raw. This exposes sensitive values that are intentionally redacted from /api/config,...

6.5CVSS5.9AI score0.00246EPSS
Exploits1References1
NVD
NVD
added 2026/03/26 5:16 p.m.7 views

CVE-2026-33469

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, an authenticated non-admin user can retrieve the full raw Frigate configuration through /api/config/raw. This exposes sensitive values that are intentionally redacted from /api/config,...

6.5CVSS0.00246EPSS
Exploits1References1
NVD
NVD
added 2026/03/26 5:16 p.m.4 views

CVE-2026-33470

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possible through a chain of two authorization problems: /api/timeline return...

6.5CVSS0.00305EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 5:6 p.m.3 views

CVE-2026-33470

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possible through a chain of two authorization problems: /api/timeline return...

6.5CVSS5.8AI score0.00305EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/26 5:6 p.m.21 views

CVE-2026-33470 Frigate has cross-camera snapshot disclosure via unrestricted timeline IDs and missing authorization in /api/events/{event_id}/snapshot-clean.webp

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possible through a chain of two authorization problems: /api/timeline return...

6.5CVSS0.00305EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/26 5:6 p.m.2 views

CVE-2026-33470 Frigate has cross-camera snapshot disclosure via unrestricted timeline IDs and missing authorization in /api/events/{event_id}/snapshot-clean.webp

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possible through a chain of two authorization problems: /api/timeline return...

6.5CVSS5.8AI score0.00305EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/26 5:6 p.m.4 views

EUVD-2026-16267

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possible through a chain of two authorization problems: /api/timeline return...

6.5CVSS5.8AI score0.00305EPSS
Exploits1References1
CVE
CVE
added 2026/03/26 5:6 p.m.12 views

CVE-2026-33470

Frigate NVR (version 0.17.0) contains an authorization flaw that lets a low-privileged, authenticated user access snapshots from cameras they are not authorized to view. The chain involves: (1) /api/timeline returning timeline entries for cameras outside the caller’s allowed set, and (2) /api/eve...

6.5CVSS5.8AI score0.00305EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 5:5 p.m.3 views

CVE-2026-33469 Authenticated Frigate users can read the full unredacted configuration via `/api/config/raw

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, an authenticated non-admin user can retrieve the full raw Frigate configuration through /api/config/raw. This exposes sensitive values that are intentionally redacted from /api/config,...

6.5CVSS5.8AI score0.00246EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/26 5:5 p.m.24 views

CVE-2026-33469 Authenticated Frigate users can read the full unredacted configuration via `/api/config/raw

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, an authenticated non-admin user can retrieve the full raw Frigate configuration through /api/config/raw. This exposes sensitive values that are intentionally redacted from /api/config,...

6.5CVSS0.00246EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/26 5:5 p.m.5 views

EUVD-2026-16266

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In version 0.17.0, an authenticated non-admin user can retrieve the full raw Frigate configuration through /api/config/raw. This exposes sensitive values that are intentionally redacted from /api/config,...

6.5CVSS5.8AI score0.00246EPSS
Exploits1References1
Rows per page
Query Builder