37 matches found
KMW CCTV Security Cameras Security Vulnerability
KMW CCTV Security Cameras are a series of video surveillance cameras produced by the Romanian company KMW. KMW CCTV Security Cameras have security vulnerabilities, which stem from unauthenticated password resets. This could allow attackers to remotely reset administrator passwords and gain full...
GHSA-HW27-4V2Q-5QFF Algernon: Auto-refresh SSE event server sets Access-Control-Allow-Origin: *
Summary The SSE event server's Access-Control-Allow-Origin response header was hardcoded to the wildcard regardless of the caller's Origin. Because EventSource does not preflight and does not send cookies, the wildcard is sufficient to let any third-party page the developer visits open a...
OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle
Summary OpenMcdf does not detect cycles in the directory entry red-black tree of a Compound File Binary (CFB) document. A crafted CFB file with a cycle in the LeftSiblingID / RightSiblingID chain causes Storage.EnumerateEntries and Storage.OpenStream to loop indefinitely, consuming the calling thre...
CVE-2026-31950
LibreChat exposes an IDOR in SSE stream subscriptions. In versions 0.8.2-rc2 through 0.8.2-rc3, the endpoint /api/agents/chat/stream/:streamId does not verify stream ownership, allowing any authenticated user who guesses or obtains a valid streamId to subscribe and read another user’s real-time c...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the logs and logs-stream endpoints. An attacker can access sensitive application log data by authenticating with basic user privileges, as these endpoints do not enforce privilege checks. Remediation There is n...
pypdf Security Vulnerability
pypdf is a free, open-source, pure-Python PDF library from py-pdf that can split, merge, crop and convert pages of PDF files. A security vulnerability exists in pypdf versions prior to 6.0.0, which stems from the fact that a malicious PDF could lead to RAM exhaustion, affecting...
CVE-2013-4985
Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream...
CVE-2025-1881 i-Drive i11/i12 Video Footage/Live Video Stream access control
A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Video Footage/Live Video Stream. The manipulation leads to improper access controls. The attack can be launched remotel...
Longse NVR Security Vulnerability
Longse NVR is a series of network video recorders from China-based Longse Technology (Longse). A security vulnerability exists in the Longse NVR that stems from transmitting a user's login and password to a remote control service without the use of any encryption, allowing an attacker to eavesdrop ...
openSUSE: Security Advisory for pipewire (SUSE-SU-2023:3097-1)
The remote host is missing an update for the...
Input validation
Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted "tmp_url"...
CVE-2023-1718
Bitrix24 22.0.300 is affected by an improper file stream access in /desktop_app/file.ajax.php?action=uploadfile, enabling unauthenticated remote attackers to cause a denial-of-service via a crafted tmp_url. The issue appears to be a loop with an inaccessible exit condition in the desktop app file...
CVE-2023-1718 Bitrix24 Denial-of-Service (DoS) via Improper File Stream Access
Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted "tmp_url"...
SUSE-SU-2023:3257-1 Security update for pipewire
This update for pipewire fixes the following security issues: - Fixed issue where an app which only has permission to access one stream can also access other streams (bsc#1213682). Bugfixes: - Fixed division by 0 and other issues with invalid values (glfo#pipewire/pipewire#2953) - Fixed an overflow...
SUSE-SU-2023:3256-1 Security update for pipewire
This update for pipewire fixes the following security issues: - Fixed issue where an app which only has permission to access one stream can also access other streams (bsc#1213682). Bugfixes: - Fixed division by 0 and other issues with invalid values (glfo#pipewire/pipewire#2953) - Fixed an overflow...
SUSE-SU-2023:3185-1 Security update for pipewire
This update for pipewire fixes the following security issues: - Fixed issue where an app which only has permission to access one stream can also access other streams (bsc#1213682). Bugfixes: - Fixed division by 0 and other issues with invalid values (glfo#pipewire/pipewire#2953) - Fixed an overflow...
PT-2023-36242 · Pipewire · Pipewire
Name of the Vulnerable Software and Affected Versions: pipewire (affected versions not specified). Description: The issue allows an app with permission to access one stream to also access other streams. This is a security concern as it bypasses intended access restrictions. Additionally, there were...
SUSE-SU-2023:3097-1 Security update for pipewire
This update for pipewire fixes the following security issues: - Fixed issue where an app which only has permission to access one stream can also access other streams (bsc#1213682). Bugfixes: - Fixed division by 0 and other issues with invalid values (glfo#pipewire/pipewire#2953) - Fixed an overflow...
PT-2023-36239 · Pipewire · Pipewire
Name of the Vulnerable Software and Affected Versions: pipewire (affected versions not specified). Description: The issue allows an app with permission to access one stream to also access other streams. This is a security concern as it bypasses intended access controls. Additionally, there were fixe...