134 matches found
CVE-2026-6824
A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators o...
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
Threat actors are exploiting security flaws in TBK DVR and end-of-life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR devices has been found to explo...
CVE-2026-0854
The CVE concerns Merit LILIN DVR/NVR devices that expose an OS Command Injection vulnerability. The affected component is the device OS on Merit LILIN DVR/NVR models; the root cause is an OS command injection vector that allows an authenticated remote attacker to inject and run arbitrary OS comma...
CVE-2026-0853
Certain NVR models developed by A-Plus Video Technologies have a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information...
PT-2026-2043
Name of the Vulnerable Software and Affected Versions: A-Plus Video Technologies NVR models (affected versions not specified). Description: A security issue exists in certain NVR models developed by A-Plus Video Technologies that allows unauthenticated remote attackers to access the debug page...
Merit LILIN DVR Series and Merit LILIN NVR Series OS Command Injection Vulnerability
The Merit LILIN DVR Series and Merit LILIN NVR Series are both products of Merit LILIN Corporation of Taiwan, China. The Merit LILIN DVR Series is a series of digital video recorders. The Merit LILIN NVR Series is a series of network video recorders. The Merit LILIN DVR Series and Merit LILIN NVR...
CVE-2022-35733
Missing authentication for critical function vulnerability in UNIMO Technology digital video recorders UDR-JA1004/JA1008/JA1016 firmware versions v1.0.20.13 and earlier, and UDR-JA1016 firmware versions v2.0.20.13 and earlier allows a remote unauthenticated attacker to execute an arbitrary OS...
CVE-2024-41929
Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...
PT-2025-53326
Name of the Vulnerable Software and Affected Versions: Rifatron 5brid DVR versions HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504. Description: The Rifatron 5brid DVR contains a flaw in the animate.cgi script that permits unauthorized access to live video streams. An attacker can leverage th...
CVE-2025-66173
There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted...
CVE-2025-66174
There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and run a series of commands...
EUVD-2018-7742
Malware in sbrugna...
EUVD-2019-8026
Malware in sbrugna...
EUVD-2013-3546
Malware in sbrugna...
EUVD-2025-19573
Malicious code in bioql PyPI...
EUVD-2022-38607
Malicious code in bioql PyPI...
EUVD-2025-11854
Malicious code in bioql PyPI...
EUVD-2025-19572
Malicious code in bioql PyPI...
PT-2025-37300
Name of the Vulnerable Software and Affected Versions: Digiever NVR (affected versions not specified). Description: Certain models of NVR developed by Digiever have an OS Command Injection vulnerability. This allows remote attackers to inject arbitrary OS commands and execute them on the device. Som...
DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks
A 22-year-old man from the U.S. state of Oregon has been charged with allegedly developing and overseeing a distributed denial-of-service (DDoS)-for-hire botnet called RapperBot. Ethan Foltz of Eugene, Oregon, has been identified as the administrator of the service, the U.S. Department of Justice D...