Lucene search
K

819 matches found

Nuclei
Nuclei
added 12 hours ago13 views

Schneider Electric U.motion Builder - SQL Injection

The vulnerability exists within processing of trackimportexport.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the objectid input parameter. id: CVE-2018-7765 info: name: Schneider Electric U.motion...

8.8CVSS7.1AI score0.02917EPSS
Exploits3References2
OSSF Malicious Packages
OSSF Malicious Packages
added 16 hours ago5 views

Malicious code in motion-pull (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e50d15810c044b3b0355460fdeacea42d89944d351e74bcce9fd976f91915ea [email protected] impersonates the pino logger exports module.exports.pino = middleware, uses logger-themed keywords, ships a ./pino require target...

6.5AI score
Exploits0References2
OSV
OSV
added 16 hours ago3 views

MAL-2026-10534 Malicious code in motion-pull (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e50d15810c044b3b0355460fdeacea42d89944d351e74bcce9fd976f91915ea [email protected] impersonates the pino logger exports module.exports.pino = middleware, uses logger-themed keywords, ships a ./pino require target...

6.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.9 views

Siemens SIMATIC S7 PLC Web Server Improper Neutralization of Input During Web Page Generation (CVE-2026-25787)

Affected devices do not properly validate and sanitize Technology Object TO name rendered on the 'Motion Control Diagnostics' page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the...

9.3CVSS7.2AI score0.0037EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.4 views

PYSEC-2026-428 motionEye: Authentication possible via password hash

Summary An authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set or modified prior to...

9.1CVSS6AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 7:46 p.m.10 views

Malicious code in motion-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0dec07d83d6427eb2c76e0ab74e5f31f424e769c187e6d48df0de3575df2e176 [email protected] masquerades as a pino-style logger exports module.exports.pino, ships proto.js/multistream.js/transport.js/redaction.js/levels.js,...

6.5AI score
Exploits0References2
OSV
OSV
added 2026/06/16 7:46 p.m.8 views

MAL-2026-5925 Malicious code in motion-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0dec07d83d6427eb2c76e0ab74e5f31f424e769c187e6d48df0de3575df2e176 [email protected] masquerades as a pino-style logger exports module.exports.pino, ships proto.js/multistream.js/transport.js/redaction.js/levels.js,...

6.5AI score
Exploits0References2
CVE
CVE
added 2026/06/15 12:0 a.m.16 views

CVE-2025-55652

GPAC MP4Box v2.4 is affected by a heap buffer overflow in gf_isom_vp_config_new (isomedia/avc_ext.c), enabling DoS via a crafted MP4 file. This is documented across multiple sources (CVE-2025-55652, EUVD-2025-210150, NVD, CVELIST, etc.). The vulnerability details specify the vulnerable function a...

5.5CVSS5.6AI score0.00202EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.19 views

GPAC MP4Box 处理逻辑错误漏洞

GPAC is an open-source multimedia framework developed by GPAC. Version 2.4 of GPAC contains a security vulnerability. This vulnerability stems from a floating-point exception in the gfopusparsepacketheader function, which could allow attackers to cause denial-of-service attacks through specially...

6.5CVSS5.9AI score0.00296EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2026/06/08 6:21 p.m.8 views

res (>=0.2.0 <=0.3.0), scroller-motion (>=0.0.1-beta.2 <=0.0.1-beta.3) potentially affected by CVE-2026-42890 via actual (>=0.2.0 <=0.4.0)

actual NPM version =0.2.0, =0.2.0, =0.0.1-beta.2, =0.0.1-beta.3 Source cves: CVE-2026-42890 Source advisory: OSV:GHSA-7RVM-XJPP-63R9...

4.8CVSS5.5AI score0.00126EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.11 views

CVE-2026-25787

Affected devices do not properly validate and sanitize Technology Object TO name rendered on the "Motion Control Diagnostics" page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the...

9.3CVSS7.8AI score0.0037EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-33359

In Meari IoT Cloud alert image storage on Alibaba OSS latest observed; storage service version not disclosed, motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected operational windows...

7.5CVSS5.5AI score0.00293EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/03 4:2 p.m.11 views

CVE-2026-35716

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

6.3CVSS6.5AI score0.00322EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 4:16 p.m.20 views

CVE-2026-35716

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

6.3CVSS0.00322EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 12:0 a.m.8 views

CVE-2026-35716

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

6.3CVSS6.5AI score0.00322EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Vivotek VIVOTEK FD8136-VVTK 安全漏洞

Vivotek VIVOTEK FD8136-VVTK is a super-miniature fixed dome network camera firmware developed by Vivotek Corporation. The Vivotek VIVOTEK FD8136-VVTK 0300a version contains a security vulnerability. This vulnerability stems from a stack buffer overflow in the motionprivacy.cgi binary file. When t...

6.3CVSS6.4AI score0.00322EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/02 12:0 a.m.13 views

CVE-2026-35716

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

6.5AI score0.00322EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/02 12:0 a.m.46 views

CVE-2026-35716

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

0.00322EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 12:0 a.m.18 views

EUVD-2026-33969

A stack-based buffer overflow in the motionprivacy.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via an oversized n1 parameter in a POST request to the /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or...

6.5AI score0.00322EPSS
Exploits0References2
CVE
CVE
added 2026/06/02 12:0 a.m.20 views

CVE-2026-35716

CVE-2026-35716 describes a stack-based buffer overflow in the motion_privacy.cgi binary of VIVOTEK FD8136 firmware (FD8136-VVTK-0300a). The issue occurs when an oversized n1 parameter in a POST request to endpoints /cgi-bin/admin/setpm.cgi, /cgi-bin/admin/setmd.cgi, or /cgi-bin/admin/setmd_profil...

6.3CVSS6.5AI score0.00322EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder