EUVD-2026-36310
Brickcom cameras ship with default credentials that allow any unauthenticated remote attacker to silently access camera feeds...
EUVD-2026-36138
Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads...
CVE-2026-53737
Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads...
CVE-2026-53737
CVE-2026-53737 affects Juicer (through 1.12.18). The vulnerability is a Stored Cross-Site Scripting (XSS) due to unescaped remote feed API response fields on the admin settings page; when the page loads, an attacker controlling the connected feed data can inject script that runs in an administrat...
PT-2026-48551
Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the connected feed data can inject script that executes in an administrator's browser when the settings page loads...
CVE-2013-7416
canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed...
CVE-2013-7416
CVE-2013-7416 affects canto_curses/guibase.py in Canto Curses prior to 0.9.0. The issue allows a remote feed server to execute arbitrary commands via shell metacharacters in a URL contained in a feed. The CVSS v2 base score is 7.5 (HIGH) with network access, low attack complexity, and no authenticati...