Lucene search
K

99 matches found

Nuclei
Nuclei
added 11 hours ago65 views

MotionEye Config Info Disclosure

MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured. id: CVE-2022-25568 info: name: MotionEye Config Info Disclosure author: DhiyaneshDK severity: high...

7.5CVSS6.9AI score0.06829EPSS
Exploits1References5
OSV
OSV
added 2026/06/29 11:50 a.m.4 views

PYSEC-2026-428 motionEye: Authentication possible via password hash

Summary An authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set or modified prior to...

9.1CVSS6AI score
Exploits0References5
NVD
NVD
added 2026/06/24 9:16 p.m.9 views

CVE-2026-32315

motionEye mEye is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contains...

5.5CVSS0.02902EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 9:16 p.m.10 views

CVE-2026-31978

motionEye mEye is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 are vulnerable to path traversal in the picture and movie API endpoints, suhc as /picture/id/preview/filename. Neither the API handlers, nor the...

6.5CVSS0.00418EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 8:45 p.m.13 views

CVE-2026-32315

motionEye prior to 0.44.0 creates /etc/motioneye/motion.conf with 644 permissions (-rw-r--r--) and per-camera camera-.conf with identical permissions, making the admin password hash and camera credentials readable by any local user. The SHA1 admin password hash can be cracked offline to plaintext...

5.5CVSS5.8AI score0.02902EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 8:45 p.m.17 views

CVE-2026-32315 motionEye: World-Readable Configuration File Exposes Admin Password Hash

motionEye mEye is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contains...

5.5CVSS0.02902EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 8:45 p.m.5 views

CVE-2026-32315 motionEye: World-Readable Configuration File Exposes Admin Password Hash

motionEye mEye is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contains...

5.5CVSS5.8AI score0.02902EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:28 p.m.5 views

CVE-2026-31978

motionEye mEye is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 are vulnerable to path traversal in the picture and movie API endpoints, suhc as /picture/id/preview/filename. Neither the API handlers, nor the...

6.5CVSS5.9AI score0.00418EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/24 8:28 p.m.16 views

CVE-2026-31978

Summary: CVE-2026-31978 affects motionEye (pre-0.44.0). A path traversal flaw in the picture/movie preview endpoints (/picture/{id}/preview/{filename}) allows an authenticated, non-admin user to read arbitrary files on the host filesystem via the get_media_preview() path, since it doesn’t check f...

6.5CVSS5.9AI score0.00418EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 8:28 p.m.18 views

CVE-2026-31978 motionEye: Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint

motionEye mEye is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 are vulnerable to path traversal in the picture and movie API endpoints, suhc as /picture/id/preview/filename. Neither the API handlers, nor the...

6.5CVSS0.00418EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 8:28 p.m.3 views

CVE-2026-31978 motionEye: Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint

motionEye mEye is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 are vulnerable to path traversal in the picture and movie API endpoints, suhc as /picture/id/preview/filename. Neither the API handlers, nor the...

6.5CVSS6AI score0.00418EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 4:16 p.m.9 views

CVE-2026-55488

motionEye mEye is an online interface for a piece of software called "motion," which is a video surveillance program with motion detection. Versions prior to 0.44.0 contain an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files fro...

8.7CVSS0.00623EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/24 3:3 p.m.4 views

EUVD-2026-38804

motionEye mEye is an online interface for a piece of software called "motion," which is a video surveillance program with motion detection. Versions prior to 0.44.0 contain an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files fro...

8.7CVSS6AI score0.00623EPSS
Exploits1References1
CVE
CVE
added 2026/06/24 3:3 p.m.28 views

CVE-2026-55488

CVE-2026-55488 (motionEye) is an absolute path traversal in motionEye prior to 0.44.0, affecting media file handlers that accept a user-controlled filename and build paths with os.path.join(). When an absolute path is provided, the target directory is ignored and the attacker-controlled path is u...

8.7CVSS6AI score0.00623EPSS
Exploits1References1
OSV
OSV
added 2026/06/24 3:3 p.m.3 views

CVE-2026-55488 motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read

motionEye mEye is an online interface for a piece of software called "motion," which is a video surveillance program with motion detection. Versions prior to 0.44.0 contain an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files fro...

8.7CVSS6AI score0.00623EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/24 3:3 p.m.39 views

CVE-2026-55488 motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read

motionEye mEye is an online interface for a piece of software called "motion," which is a video surveillance program with motion detection. Versions prior to 0.44.0 contain an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files fro...

8.7CVSS0.00623EPSS
Exploits1References1
OSV
OSV
added 2026/06/23 6:37 p.m.5 views

GHSA-J67X-Q29F-QCVV motionEye's missing authentication on ActionHandler allows unauthenticated camera action execution

Summary The ActionHandler.post method in motionEye has no authentication decorator, allowing any unauthenticated attacker to trigger camera actions including snapshots, recording start/stop, and configured action scripts PTZ controls, alarm triggers, etc.. Vulnerability Details File:...

5.3CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/23 6:32 p.m.9 views

motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read

Summary mEye contains an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem. The affected handlers accept a user-controlled filename parameter and construct filesystem paths using os.path.join. When an absolute...

8.7CVSS6AI score0.00623EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/23 6:32 p.m.3 views

GHSA-RW9Q-97R9-8GVH motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read

Summary mEye contains an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem. The affected handlers accept a user-controlled filename parameter and construct filesystem paths using os.path.join. When an absolute...

8.7CVSS6AI score0.00623EPSS
Exploits1References2
OSV
OSV
added 2026/06/22 8:59 p.m.4 views

GHSA-R3CW-C95M-WFH9 motionEye: Authentication possible via password hash

Summary An authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set or modified prior to...

9.1CVSS6AI score
Exploits0References2
Rows per page
Query Builder