CVE-2026-31978 motionEye: Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint
motionEye mEye is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 are vulnerable to path traversal in the picture and movie API endpoints, suhc as /picture/id/preview/filename. Neither the API handlers, nor the...