Lucene search
K

50 matches found

NVD
NVD
added 6 days ago9 views

CVE-2026-51597

MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in RTSP Digest authentication. An adjacent network attacker can capture a legitimate authentication exchange and replay the nonce and response values in a new connection to bypass authentication without...

9.1CVSS0.00372EPSS
Exploits0References1
CVE
CVE
added 6 days ago8 views

CVE-2026-51598

CVE-2026-51598 affects MERCURY MIPC252W IP Camera (RTSP service) with firmware v1.0.5 Build 230306 Rel.79931n. The issue is an input validation vulnerability in the RTSP service that allows an unauthenticated, network-adjacent attacker to cause a denial of service by sending a crafted DESCRIBE re...

6.5CVSS6AI score0.00177EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago29 views

CVE-2026-51598

An input validation vulnerability in the RTSP service of MERCURY MIPC252W IP Camera v1.0.5 Build 230306 Rel.79931n allows an unauthenticated, network-adjacent attacker to cause a denial of service via a crafted DESCRIBE request with a malformed URL in the request line...

0.00177EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/06/01 10:3 a.m.30 views

Security update for wireshark

This update for wireshark fixes the following issues CVE-2026-5401: AFP dissector crash bsc1263756. CVE-2026-5403: SBC audio codec crash bsc1263765. CVE-2026-5404: K12 RF5 file parser crash bsc1263766. CVE-2026-5405: RDP dissector crash bsc1263767. CVE-2026-5406: FC-SWILS dissector crash...

8.8CVSS6.7AI score0.00206EPSS
Exploits29References116
ATTACKERKB
ATTACKERKB
added 2026/05/19 6:43 p.m.13 views

CVE-2026-41470

LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...

8.2CVSS5.8AI score0.00486EPSS
Exploits0References4
OSV
OSV
added 2026/05/05 6:27 p.m.5 views

GHSA-V8H7-RR48-VMMV Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection

Summary Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same...

5.3CVSS5.9AI score0.00307EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/05/04 10:13 a.m.6 views

CVE-2026-6526

A flaw was found in Wireshark, a network protocol analyzer. By processing a specially crafted Real-Time Streaming Protocol RTSP packet, a remote attacker could cause the Wireshark application to crash, leading to a denial of service. This vulnerability affects the RTSP protocol dissector...

6.5CVSS5.8AI score0.00124EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2026/04/30 5:34 a.m.7 views

CVE-2026-6526

RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4...

5.5CVSS5.2AI score0.00124EPSS
Exploits1
EUVD
EUVD
added 2026/04/30 5:34 a.m.5 views

EUVD-2026-26333

RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4...

5.5CVSS5.1AI score0.00124EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/30 5:34 a.m.2 views

CVE-2026-6526

RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4...

5.5CVSS5.2AI score0.00124EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/30 5:34 a.m.33 views

CVE-2026-6526 NULL Pointer Dereference in Wireshark

RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4...

5.5CVSS0.00124EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/04/30 12:0 a.m.28 views

CVE-2026-6526

RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4...

5.5CVSS5.8AI score0.00124EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.14 views

PT-2026-35509

Name of the Vulnerable Software and Affected Versions Mercury MIPC252W version 1.0.5 Build 230306 Rel.79931n Description A handling issue in the RTSP Real Time Streaming Protocol service allows an authenticated attacker to trigger session termination. By repeatedly sending SETUP requests for the...

4.4CVSS5.8AI score0.00247EPSS
Exploits1References6
CVE
CVE
added 2026/04/27 12:0 a.m.12 views

CVE-2026-35903

CVE-2026-35903 affects Mercury MIPC252W IP camera (1.0.5 Build 230306 Rel.79931n). The RTSP service has improper authentication: after a successful Digest authentication in an initial DESCRIBE, the device does not verify the Digest response in later RTSP requests within the same session. Conseque...

9.8CVSS5.3AI score0.00487EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.10 views

PT-2025-53361

FLIR thermal traffic cameras contain an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve video streams by accessing specific endpoints like /live.mjpeg, /snapshot.jpg, and RTSP streaming URLs without...

8.7CVSS7.1AI score0.00409EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 7:56 a.m.16 views

CVE-2024-42531

Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect the camera feed. NOTE: the vendor's perspective is that the Anonymous120386 sample code can establi...

9.8CVSS7.2AI score0.00567EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:23 a.m.8 views

CVE-2024-51362

The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed,...

6.5CVSS6.5AI score0.00295EPSS
Exploits0References1
NVD
NVD
added 2024/11/05 5:15 p.m.34 views

CVE-2024-51362

The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed,...

6.5CVSS0.00295EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/05 12:0 a.m.14 views

CVE-2024-51362

The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed,...

6.5AI score0.00295EPSS
Exploits0References1
CVE
CVE
added 2024/11/05 12:0 a.m.50 views

CVE-2024-51362

The CVE-2024-51362 entry affects LSC Smart Connect Indoor IP Camera V7.6.32. The Red Hat NVD references and other sources confirm an information-disclosure flaw where live footage can be accessed via RTSP on port 8554 without authentication, enabling unauthorized network access to the camera feed...

6.5CVSS6.5AI score0.00295EPSS
Exploits0References1
Rows per page
Query Builder