CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2025/12/31 7:15 p.m.•3 views

CVE-2020-36903

Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnerability in the Windows service configuration that allows local users to potentially execute code with elevated privileges. Attackers can exploit the service's unquoted binary path by inserting malicious code in the system root...

8.5CVSS0.00017EPSS

Cvelist•added 2025/12/31 6:39 p.m.•22 views

CVE-2020-36903 Selea CarPlateServer 4.0.1.6 Local Privilege Escalation via Unquoted Service Path

8.5CVSS0.00017EPSS

Vulnrichment•added 2025/12/31 6:39 p.m.•3 views

CVE-2020-36903 Selea CarPlateServer 4.0.1.6 Local Privilege Escalation via Unquoted Service Path

8.5CVSS6.6AI score0.00017EPSS

CNNVD•added 2025/12/31 12:0 a.m.•3 views

Selea CarPlateServer 代码问题漏洞

Selea CarPlateServer is a license plate recognition software from the Italian company Selea. A code issue vulnerability exists in Selea CarPlateServer version 4.0.1.6, which stems from the presence of unquoted service paths in the Windows service configuration, which could lead to code execution...

8.5CVSS7.1AI score0.00017EPSS

Positive Technologies•added 2025/12/31 12:0 a.m.•2 views

PT-2025-54418

Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NO LIST EXE PATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration,...

9.3CVSS7.9AI score0.00098EPSS

Exploits1References5

Positive Technologies•added 2025/12/31 12:0 a.m.•3 views

PT-2025-54417

8.5CVSS7AI score0.00017EPSS

Exploits1References5

RedhatCVE•added 2025/12/10 9:16 p.m.•4 views

CVE-2021-47728

Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local...

9.3CVSS8.3AI score0.01618EPSS

Exploits1References1

RedhatCVE•added 2025/12/10 9:16 p.m.•3 views

CVE-2021-47730

Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user...

8.5CVSS6.8AI score0.00079EPSS

Exploits1References1

5.1CVSS5.8AI score0.00048EPSS

EUVD-2021-34741

Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'fileslist' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/getfile.php with crafted payload to execute arbitrary scripts in victim's...

EUVD•added 2025/12/09 9:31 p.m.•2 views

EUVD-2021-34740

Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite...

9.3CVSS6.6AI score0.00106EPSS

9.3CVSS7.8AI score0.01618EPSS

EUVD-2021-34742

8.5CVSS6.3AI score0.00079EPSS

EUVD-2021-34739

8.7CVSS6.5AI score0.0015EPSS

EUVD-2021-34743

Selea Targa IP OCR-ANPR Camera contains an unauthenticated vulnerability that allows remote attackers to access live video streams without authentication. Attackers can directly connect to RTP/RTSP or M-JPEG streams by requesting specific endpoints like p1.mjpg or p1.264 to view camera footage...