CVE-2025-8899 Paid Videochat Turnkey Site – HTML5 PPV Live Webcams <= 7.3.20 - Authenticated (Author+) Privilege Escalation

The Paid Videochat Turnkey Site – HTML5 PPV Live Webcams plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.3.20. This is due to videowhisperregisterform function not restricting user roles that can be set during registration. This makes it possible...

WordPress plugin Paid Videochat Turnkey Site – HTML5 PPV Live Webcams 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Smarteye iSmartViewPro 安全漏洞

Smarteye iSmartViewPro is a remote monitoring application for webcams developed by Smarteye Company in China. Version 1.3.34 of Smarteye iSmartViewPro contains a security vulnerability. This vulnerability allows attackers to cause the application to crash by entering the camera ID field,...

Microsoft Windows USB Video Class driver 安全漏洞

Microsoft Windows USB Video Class driver is a driver for webcams or digital camcorders from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows USB Video Class driver, which can be exploited by attackers to obtain sensitive information...

CVE-2025-4371

CVE-2025-4371 affects Lenovo 510 FHD and Lenovo Performance FHD webcams. The issue arises from the devices’ firmware validation gap, which could let an attacker with physical access write arbitrary firmware updates over USB, enabling BadUSB-style control and potential persistence. The linked PT-2...

CVE-2025-4371

A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection...

CVE-2025-4371

A potential vulnerability was reported in the Lenovo 510 FHD and Performance FHD web cameras that could allow an attacker with physical access to write arbitrary firmware updates to the device over a USB connection...

PT-2025-32555

Name of the Vulnerable Software and Affected Versions: Lenovo 510 FHD Webcam versions prior to 4.8.0 Lenovo Performance FHD Webcam versions prior to 4.8.0 Description: Linux webcams can be compromised and become a persistent malware vector. The flaw allows for re-infection even after an operating...

Linux-Based Lenovo Webcams' Flaw Can Be Remotely Exploited for BadUSB Attacks

Cybersecurity researchers have disclosed vulnerabilities in select model webcams from Lenovo that could turn them into BadUSB attack devices. "This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system," Eclypsium researchers Paul...

FBI Warns of HiatusRAT Malware Targeting Webcams and DVRs

KEY SUMMARY POINTS The FBI has issued a Private Industry Notification PIN to highlight new malware campaigns targeting…...

webcams-skandinavien.de Cross Site Scripting vulnerability OBB-3831884

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Microsoft shares threat intelligence at CYBERWARCON 2023

At the CYBERWARCON 2023 conference, Microsoft and LinkedIn analysts are presenting several sessions detailing analysis across multiple sets of threat actors and related activity. This blog is intended to summarize the content of the research covered in these presentations and demonstrates Microso...

Zavio CF Series Buffer Error Vulnerability

Zavio CF Series is a series of webcams from Zavio. The Zavio CF Series suffers from a buffer error vulnerability that stems from susceptibility to a stack-based overflow that does not adequately check or validate the size of the allocated buffer, which could lead to remote code execution...

Design/Logic Flaw

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker to subscribe to viewers' webcams, even when th...

CVE-2022-23488 BigBlueButton vulnerable to Insertion of Sensitive Information Into Sent Data

BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker to subscribe to viewers' webcams, even when th...

PT-2022-16022 · Unknown · Bigbluebutton

Name of the Vulnerable Software and Affected Versions: BigBlueButton versions prior to 2.4-rc-6 Description: The moderators-only webcams lock setting in BigBlueButton is not enforced on the backend. This allows an attacker to subscribe to viewers' webcams, even when the lock setting is applied, b...

webcams.8dgo.xyz Cross Site Scripting vulnerability OBB-3073738

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Code injection

Nextcloud Talk is a video and audio conferencing app for Nextcloud. In versions prior to 13.0.5 and 14.0.0, a call moderator can indirectly enable user webcams by granting permissions, if they were enabled before removing the permissions. A patch is available in versions 13.0.5 and 14.0.0. There...

Moderator can enable cam/mic remotely if cam/mic-permission was disabled while user has activated cam/mic

None...

Scylla - The Simplistic Information Gathering Engine | Find Advanced Information On A Username, Website, Phone Number, Etc

Notice For Deprecation This project is no longer being worked on by the developer. As of today, the program has many flaws and is not up to modern OSINT standards. A lot of APIs utilized within Scylla are no longer working as they did when the project was first released. The developer wrote Scyll...