CVE-2026-20759

OS Command Injection vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation, which may allow a logged-in user with the low"monitoring user" or higher privilege to execute an arbitrary OS command...

CVE-2026-20894

Cross-site scripting vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation. If an attacking administrator configures the affected product with some malicious input, an arbitrary script may be executed on the web browser of a victim administrator who accesse...

CVE-2026-22876

Path Traversal vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation. If this vulnerability is exploited, arbitrary files on the affected product may be retrieved by a logged-in user with the low"monitoring user" or higher privilege...

CVE-2026-22876

Path Traversal vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation. If this vulnerability is exploited, arbitrary files on the affected product may be retrieved by a logged-in user with the low"monitoring user" or higher privilege...

CVE-2026-22876

Path Traversal vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation. If this vulnerability is exploited, arbitrary files on the affected product may be retrieved by a logged-in user with the low"monitoring user" or higher privilege...

CVE-2026-20894

CVE-2026-20894 affects TOA Corporation’s Network Cameras TRIFORA 3 series. The vulnerability is a Cross-site scripting (CWE-79) in the web interface, triggered when an attacking administrator submits malicious input on the setting screen. A logged-in user with high privileges can cause a victim a...

CVE-2026-20759

OS Command Injection vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation, which may allow a logged-in user with the low"monitoring user" or higher privilege to execute an arbitrary OS command...

CVE-2026-20759

OS Command Injection vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation, which may allow a logged-in user with the low"monitoring user" or higher privilege to execute an arbitrary OS command...

CVE-2026-20759

OS Command Injection vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation, which may allow a logged-in user with the low"monitoring user" or higher privilege to execute an arbitrary OS command...

Multiple Vulnerabilities in TOA Network Cameras TRIFORA 3 series

Overview Network Cameras TRIFORA 3 series provided by TOA Corporation contain multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2026-20759 Cross-site scripting CWE-79 - CVE-2026-20894 Path traversal CWE-22 - CVE-2026-22876 Shogo Iyota of GMO Cybersecurity by Ierae reported...

PT-2026-3240

Path Traversal vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation. If this vulnerability is exploited, arbitrary files on the affected product may be retrieved by a logged-in user with the low"monitoring user" or higher privilege...

TOA TRIFORA 3 Series Cross-site Scripting Vulnerabilities

The TOA TRIFORA 3 Series is a series of network cameras produced by the Japanese company TOA. The TOA TRIFORA 3 Series has a cross-site scripting vulnerability, which allows for the execution of arbitrary scripts in the victim’s browser...

TOA TRIFORA 3 Series Path traversal vulnerability

The TOA TRIFORA 3 Series is a series of network cameras produced by the Japanese company TOA. The TOA TRIFORA 3 Series has a path traversal vulnerability, which stems from issues with path traversal attacks, potentially allowing logged-in users to access arbitrary files...

PT-2026-3238

OS Command Injection vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation, which may allow a logged-in user with the low"monitoring user" or higher privilege to execute an arbitrary OS command...

@angular-devkit/build-angular (>=17.1.0-next.1 <=18.0.0-next.1), @directus/api (>=15.0.0 <=19.0.2) +25 more potentially affected by CVE-2024-30260 via undici (>=6.0.1 <=6.10.2)

undici NPM version =6.0.1, =17.1.0-next.1, =15.0.0, =10.0.15, =1.0.7, =18.0.0-next.3, =18.0.0-next.3, =1.0.0-alpha.22, =1.0.0-alpha.22, =1.0.0-alpha.22, =1.0.5, =1.0.6 and more Source cves: CVE-2024-30260 Source advisory: OSV:GHSA-M4V8-WQVR-P9F7...

TOA - Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/67291/info TOA is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application...

TOA - Cross-Site Request Forgery

TOA - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/67291/info TOA is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the...