Lucene search
K

57 matches found

EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42640

MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in RTSP Digest authentication. An adjacent network attacker can capture a legitimate authentication exchange and replay the nonce and response values in a new connection to bypass authentication without...

6AI score0.00372EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42128

Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generatio...

7.1CVSS6AI score0.00216EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.9 views

PT-2026-56279

Name of the Vulnerable Software and Affected Versions Cap affected versions not specified Description The 'GET /api/video/ai' endpoint fails to validate user ownership or membership. This allows authenticated attackers to provide arbitrary video IDs to access private AI metadata, such as titles,...

7.1CVSS6AI score0.00216EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/03/23 3:52 p.m.5 views

CVE-2026-33493

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/import.json.php endpoint accepts a user-controlled fileURI POST parameter with only a regex check that the value ends in .mp4. Unlike objects/listFiles.json.php, which was hardened with a realpath +...

7.1CVSS5.8AI score0.00335EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/02/26 9:31 p.m.6 views

EUVD-2026-8874

The Pelco, Inc. Sarix Professional 3 Series Cameras are vulnerable to an authentication bypass issue in their web management interface. The flaw stems from inadequate enforcement of access controls, allowing certain functionality to be accessed without proper authentication. This weakness can lea...

8.7CVSS5.4AI score0.00348EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.9 views

PT-2026-22173

Name of the Vulnerable Software and Affected Versions Pelco Sarix Professional 3 Series Cameras affected versions not specified Description The Pelco Sarix Professional 3 Series Cameras have a flaw in their web management interface related to insufficient access control enforcement. This allows...

8.7CVSS6AI score0.00348EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/12/24 12:0 a.m.5 views

PT-2025-53334

Name of the Vulnerable Software and Affected Versions Beward N100 version M2.1.6.04C014 Description The Beward N100 camera system has a flaw that permits unauthenticated remote access to live video streams. An attacker can obtain the camera’s RTSP stream directly due to missing authentication in...

8.7CVSS6.8AI score0.00418EPSS
Exploits1References5
EUVD
EUVD
added 2025/12/23 12:30 a.m.5 views

EUVD-2025-204759

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access...

7.5CVSS9.4AI score0.00373EPSS
Exploits3References4
CVE
CVE
added 2025/12/22 12:0 a.m.23 views

CVE-2025-65856

The CVE-2025-65856 entry concerns Xiongmai XM530 IP cameras running firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The vulnerability is an authentication bypass in the ONVIF implementation that fails to enforce authentication on 31 endpoints, allowing unauthenticated remote access to sen...

9.8CVSS9.4AI score0.00679EPSS
Exploits4References1Affected Software1
Cvelist
Cvelist
added 2025/12/22 12:0 a.m.31 views

CVE-2025-65857

An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access...

0.00373EPSS
Exploits3References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2017-2365

Malware in sbrugna...

6.5CVSS6.6AI score0.0207EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-58493

Malicious code in bioql PyPI...

10CVSS9.2AI score0.0122EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-4715

Malicious code in bioql PyPI...

5.3CVSS9.1AI score0.00449EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-23864

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00428EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-7896

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.00393EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 6:10 p.m.7 views

CVE-2021-40381

An issue was discovered on Compro IP70 2.087130218, IP570 2.087130520, IP60, and TN540 devices. indexMJpeg.cgi allows video access...

7.5CVSS6.9AI score0.22724EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/03/20 4:7 p.m.8 views

CVE-2025-30116

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can occur. It allows remote attackers to access and download recorded video footage from the SD card via port 9091. Additionally, attackers can connect to port 90...

7.5CVSS7.6AI score0.00508EPSS
Exploits0References1
NVD
NVD
added 2025/03/18 8:15 p.m.9 views

CVE-2025-30141

An issue was discovered on G-Net Dashcam BB GONX devices. One can Remotely Dump Video Footage and the Live Video Stream. It exposes API endpoints on ports 9091 and 9092 that allow remote access to recorded and live video feeds. An attacker who connects to the dashcam's network can retrieve all...

7.5CVSS0.0033EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/18 12:0 a.m.7 views

CVE-2025-30116

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can occur. It allows remote attackers to access and download recorded video footage from the SD card via port 9091. Additionally, attackers can connect to port 90...

7.5AI score0.00508EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/18 12:0 a.m.13 views

CVE-2025-30111

On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam exposes endpoints that allow unauthorized users, who gained access through other means, to list and download recorded videos, as well as access live video streams without proper authentication...

0.00393EPSS
Exploits0References2
Rows per page
Query Builder