CVE-2026-33493

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/import.json.php endpoint accepts a user-controlled fileURI POST parameter with only a regex check that the value ends in .mp4. Unlike objects/listFiles.json.php, which was hardened with a realpath +...

EUVD-2026-8874

The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from inadequate enforcement of access controls, allowing certain functionality to be accessed without proper authentication. This weakness can lea...

PT-2026-22173

Name of the Vulnerable Software and Affected Versions Pelco Sarix Professional 3 Series Cameras affected versions not specified Description The Pelco Sarix Professional 3 Series Cameras have a flaw in their web management interface related to insufficient access control enforcement. This allows...

PT-2025-53334

Name of the Vulnerable Software and Affected Versions Beward N100 version M2.1.6.04C014 Description The Beward N100 camera system has a flaw that permits unauthenticated remote access to live video streams. An attacker can obtain the camera’s RTSP stream directly due to missing authentication in...

EUVD-2025-204759

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access...

CVE-2025-65856

The CVE-2025-65856 entry concerns Xiongmai XM530 IP cameras running firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The vulnerability is an authentication bypass in the ONVIF implementation that fails to enforce authentication on 31 endpoints, allowing unauthenticated remote access to sen...

CVE-2025-65857

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access...

EUVD-2017-2365

Malware in sbrugna...

EUVD-2025-7896

Malicious code in bioql PyPI...

EUVD-2023-58493

Malicious code in bioql PyPI...

EUVD-2025-4715

Malicious code in bioql PyPI...

EUVD-2025-23864

Malicious code in bioql PyPI...

CVE-2021-40381

An issue was discovered on Compro IP70 2.087130218, IP570 2.087130520, IP60, and TN540 devices. indexMJpeg.cgi allows video access...

CVE-2025-30116

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can occur. It allows remote attackers to access and download recorded video footage from the SD card via port 9091. Additionally, attackers can connect to port 90...

CVE-2025-30141

An issue was discovered on G-Net Dashcam BB GONX devices. One can Remotely Dump Video Footage and the Live Video Stream. It exposes API endpoints on ports 9091 and 9092 that allow remote access to recorded and live video feeds. An attacker who connects to the dashcam's network can retrieve all...

CVE-2025-30111

On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam exposes endpoints that allow unauthorized users, who gained access through other means, to list and download recorded videos, as well as access live video streams without proper authentication...

CVE-2025-30116

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can occur. It allows remote attackers to access and download recorded video footage from the SD card via port 9091. Additionally, attackers can connect to port 90...

CVE-2025-30111

On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam exposes endpoints that allow unauthorized users, who gained access through other means, to list and download recorded videos, as well as access live video streams without proper authentication...

Forvia Hella HELLA Driving Recorder DR 820 安全漏洞

Forvia Hella HELLA Driving Recorder DR 820 is a driving recorder from Forvia. A security vulnerability exists in the Forvia Hella HELLA Driving Recorder DR 820, which originated from a vulnerability that allows remote attackers to access and download recorded video via port 9091, and stream...

CVE-2024-52327 ECOVACS lawnmower and vacuum cloud service live video PIN bypass

The cloud service used by ECOVACS robot lawnmowers and vacuums allows authenticated attackers to bypass the PIN entry required to access the live video feed...