22 matches found

Zero Science Lab
added 2026/02/24 12:0 a.m., 90 views

Tattile Cameras 1.181.5 Unauthenticated RTSP Stream Disclosure

Summary: Tattile is an Italian manufacturer specializing in advanced ANPR/ALPR, traffic‑enforcement, and machine‑vision camera systems used across intelligent transportation networks, tolling infrastructures, access‑control environments, and industrial automation. Their portfolio includes...

CVSS 8.7, AI score 5.8, EPSS 0.00836
Exploits: 3
RedhatCVE
added 2026/01/07 9:27 a.m., 4 views

CVE-2019-12775

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They allow high-privileged root access by www-data via sudo without requiring appropriate access control. Furthermore, the user account that controls the web...

CVSS 9, AI score 7.7, EPSS 0.00833
Exploits: 1, References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-12429

Malicious code in bioql PyPI...

CVSS 8.8, AI score 4.9, EPSS 0.00134
Exploits: 1, References: 5
RedhatCVE
added 2025/05/22 10:32 a.m., 4 views

CVE-2019-14356

On Coldcard MK1 and MK2 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be...

CVSS 5.3, AI score 6.5, EPSS 0.00363
Exploits: 1, References: 1
OSV
added 2025/04/27 7:15 p.m., 1 view

CVE-2025-3982

A vulnerability, which was classified as problematic, was found in nortikin Sverchok 1.3.0. Affected is the function SvSetPropNodeMK2 of the file sverchok/nodes/object_nodes/getsetprop_mk2.py of the component Set Property Mk2 Node. The manipulation leads to improperly controlled modification of...

CVSS 8.8, AI score 4.8, EPSS 0.00134
Exploits: 1, References: 4
Vulnrichment
added 2025/04/27 7:0 p.m., 5 views

CVE-2025-3982 nortikin Sverchok Set Property Mk2 Node getsetprop_mk2.py SvSetPropNodeMK2 prototype pollution

A vulnerability, which was classified as problematic, was found in nortikin Sverchok 1.3.0. Affected is the function SvSetPropNodeMK2 of the file sverchok/nodes/object_nodes/getsetprop_mk2.py of the component Set Property Mk2 Node. The manipulation leads to improperly controlled modification of...

CVSS 5.3, AI score 4.6, EPSS 0.00134
Exploits: 1, References: 4
CVE
added 2025/04/27 7:0 p.m., 47 views

CVE-2025-3982

CVE-2025-3982 affects nortikin Sverchok 1.3.0. The vulnerability lies in SvSetPropNodeMK2 (file sverchok/nodes/object_nodes/getsetprop_mk2.py, Set Property Mk2 Node), enabling prototype pollution with remote exploit potential. Public exploit disclosed; vendor contacted but no response. Connected ...

CVSS 8.8, AI score 4.7, EPSS 0.00134
Exploits: 1, References: 4, Affected Software: 1
CNNVD
added 2025/04/27 12:0 a.m., 1 view

Sverchok security vulnerability

Sverchok is an application by nikitron Personal Developer. A security vulnerability exists in Sverchok version 1.3.0, which stems from prototype contamination in the function SvSetPropNodeMK2 in the file sverchok/nodes/object_nodes/getsetprop_mk2.py...

CVSS 8.8, AI score 4.9, EPSS 0.00134
Exploits: 1, References: 5
ICS
added 2020/06/25 12:0 a.m., 64 views

ENTTEC Lighting Controllers (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendor: ENTTEC Equipment: Datagate Mk2, Storm 24, Pixelator, E-Streamer Mk2 Vulnerabilities: Use of Hard-coded Cryptographic Key, Cross-site Scripting, Improper Access Control...

CVSS 10, AI score 8.5, EPSS 0.01044
Exploits: 4, References: 5
CVE
added 2019/10/31 5:59 p.m., 62 views

CVE-2019-14356

CVE-2019-14356 affects Coldcard MK1 and MK2 devices. A side-channel in the OLED row-based display lets an attacker who can control or monitor USB power measurements during times secrets are shown partially recover display contents, potentially exposing PINs and BIP39 mnemonics. The vulnerability ...

CVSS 5.3, AI score 4.9, EPSS 0.00363
Exploits: 1, References: 2, Affected Software: 1
NVD
added 2019/06/07 4:29 p.m., 11 views

CVE-2019-12774

A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044_update_05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...

CVSS 6.1, AI score 7.2, EPSS 0.00373
Exploits: 1, References: 1
Prion
added 2019/06/07 4:29 p.m., 13 views

Cross site scripting

A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044_update_05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...

CVSS 4.3, AI score 7, EPSS 0.00373
Exploits: 1, References: 1, Affected Software: 4
OSV
added 2019/06/07 4:29 p.m., 2 views

CVE-2019-12774

A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044_update_05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...

CVSS 6.1, AI score 6.6, EPSS 0.00373
Exploits: 1, References: 1
Prion
added 2019/06/07 4:29 p.m., 11 views

Authentication flaw

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They allow high-privileged root access by www-data via sudo without requiring appropriate access control. Furthermore, the user account that controls the web...

CVSS 9, AI score 9.3, EPSS 0.00833
Exploits: 1, References: 1, Affected Software: 4
CVE
added 2019/06/07 3:6 p.m., 54 views

CVE-2019-12777

CVE-2019-12777 affects ENTTEC Datagate Mk2, Storm 24, Pixelator, and E-Streamer Mk2 firmware 70044_update_05032019-482, where startup scripts replace secure directory permissions with permissive rwxrwxrwx on /usr, /usr/local, /usr/local/dmxis, and /usr/local/bin. This is an Incorrect Permission A...

CVSS 7.8, AI score 7.5, EPSS 0.0003
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2019/06/07 3:6 p.m., 14 views

CVE-2019-12776

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044_update_05032019-482. They include a hard-coded SSH backdoor for remote SSH and SCP access as the root user. A command in the relocate and relocaterevB scripts copies the hardcoded key to...

AI score 9.7, EPSS 0.01044
Exploits: 1, References: 1
CVE
added 2019/06/07 3:6 p.m., 61 views

CVE-2019-12775

CVE-2019-12775 affects ENTTEC Datagate Mk2, Storm 24, Pixelator (firmware 70044_update_05032019-482 and prior). The issue enables high-privileged root access via sudo for the www-data/web-app user without proper access control, potentially allowing execution of high-privilege binaries/assets pres...

CVSS 9, AI score 8.9, EPSS 0.00833
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2019/06/07 3:6 p.m., 12 views

CVE-2019-12774

A number of stored XSS vulnerabilities have been identified in the web configuration feature in ENTTEC Datagate Mk2 70044_update_05032019-482 that could allow an unauthenticated threat actor to inject malicious code directly into the application. This affects, for example, the Profile Description...

AI score 6.4, EPSS 0.00373
Exploits: 1, References: 1
CVE
added 2019/06/07 3:6 p.m., 55 views

CVE-2019-12774

CVE-2019-12774 is a stored XSS vulnerability in ENTTEC Datagate Mk2 Web Configuration (70044_update_05032019-482). The issue allows an unauthenticated attacker to inject code via fields such as Profile Description in the Profile Editor. Affected product line includes Datagate Mk2 (and related dev...

CVSS 6.1, AI score 6.3, EPSS 0.00373
Exploits: 1, References: 1, Affected Software: 1
Prion
added 2019/03/28 2:29 p.m., 11 views

Race condition

ENTTEC Datagate MK2, Storm 24, Pixelator all firmware versions prior to 70044,70050,70060update05032019-482 allows an unauthenticated user to initiate a remote reboot, which may be used to cause a denial of service condition...

CVSS 7.8, AI score 7.4, EPSS 0.00322
Exploits: 0, References: 1, Affected Software: 3