CVE-2025-31703

A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges...

XSS due to lack of CSRF validation for replying/publishing

Impact Due to lack of CSRF validation, a logged in user is potentially vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. Patches Upgrade to the latest version v0.7.0 Workarounds You can cherry-pick the following commit:...