Certain Anpviz products allow unauthenticated users to modify or disable camera related settings such as microphone volume, speaker volume, LED lighting, NTP, motion detection, etc. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280,...
6.8AI Score
EPSS
Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800N_N2, YMF50B, YM800SV2, YM500L8, and YM200E10...
6.5AI Score
EPSS
Certain Anpviz products allow unauthenticated users to download arbitrary files from the device's filesystem via a HTTP GET request to the /playback/ URI. This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L,...
6.9AI Score
EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPLIT Pty Ltd OxyExtras allows Reflected XSS.This issue affects OxyExtras: from n/a through...
7.1CVSS
9.3AI Score
0.0004EPSS
CVE-2024-23501 WordPress Ebook Store Plugin <= 5.788 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shopfiles Ltd Ebook Store allows Stored XSS.This issue affects Ebook Store: from n/a through...
5.9CVSS
5.9AI Score
0.0004EPSS
Generic HTTP Directory Traversal (Web Root) - Active Check
Generic check for HTTP directory traversal vulnerabilities on the web root level of the remote web...
9.8CVSS
8AI Score
0.975EPSS
CVE-2024-29129 WordPress OxyExtras plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPLIT Pty Ltd OxyExtras allows Reflected XSS.This issue affects OxyExtras: from n/a through...
7.1CVSS
7.1AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zimma Ltd. Ticket Tailor allows Stored XSS.This issue affects Ticket Tailor: from n/a through...
6.5CVSS
9.1AI Score
0.0004EPSS
Plex Media Server < 1.19.3 Authenticated RCE
According to its self-reported version number, the version of Plex Media Server installed on the remote Windows host is prior to 1.19.3. It is, therefore, affected by an authenticated remote code execution vulnerability in the camera upload feature. An authenticated, remote attacker can exploit...
7.2CVSS
7.6AI Score
0.719EPSS
CVE-2024-29104 WordPress Ticket Tailor plugin <= 1.10 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zimma Ltd. Ticket Tailor allows Stored XSS.This issue affects Ticket Tailor: from n/a through...
6.5CVSS
6.6AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shopfiles Ltd Ebook Store allows Stored XSS.This issue affects Ebook Store: from n/a through...
5.9CVSS
6.5AI Score
0.0004EPSS
Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a through...
7.6CVSS
7.6AI Score
0.0004EPSS
Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a through...
7.6CVSS
6.9AI Score
0.0004EPSS
Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a through...
7.6CVSS
7AI Score
0.0004EPSS
Section Camera V2.5.5.3116-S50-SMA-B20160811 and earlier versions allow the accounts and passwords of administrators and users to be changed without...
6.7AI Score
0.0004EPSS
Section Camera V2.5.5.3116-S50-SMA-B20160811 and earlier versions allow the accounts and passwords of administrators and users to be changed without...
6.8AI Score
0.0004EPSS
7.8CVSS
0.1AI Score
0.0004EPSS
Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target....
7.8CVSS
8.1AI Score
0.001EPSS
Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...
7.8CVSS
8.1AI Score
0.001EPSS
Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the...
7.8CVSS
8.1AI Score
0.001EPSS
Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must...
7.8CVSS
8AI Score
0.001EPSS
Improper handling of insufficient privileges vulnerability in Samsung Camera prior to versions 12.1.0.31 in Android 12, 13.1.02.07 in Android 13, and 14.0.01.06 in Android 14 allows local attackers to access image...
5.9CVSS
5.8AI Score
0.0004EPSS
Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin...
4.8AI Score
0.0004EPSS
Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin...
4.6CVSS
4.4AI Score
0.0004EPSS
Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Technology Co. Ncast Yingshi high-definition intelligent recording and playback system 2007-2017 allows a remote attacker to execute arbitrary code via the /manage/IPSetup.php backend...
7.8AI Score
0.0004EPSS
A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger.....
7.2CVSS
7AI Score
0.0004EPSS
Insecure Permissions vulnerability in Guangzhou Yingshi Electronic Technology Co. Ncast Yingshi high-definition intelligent recording and playback system 2007-2017 allows a remote attacker to execute arbitrary code via the /manage/IPSetup.php backend...
7.8AI Score
0.0004EPSS
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The /api/config endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without authentication, an...
8.8CVSS
7.5AI Score
0.0004EPSS
SightLogix Camera SLP Detection
The remote host indicates that it is a SightLogix camera via its SLP attribute...
7AI Score
CVE-2023-6322 Stack-based buffer overflow in message parser functionality
A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger.....
7.2CVSS
7.1AI Score
0.0004EPSS
Important: pcp security, bug fix, and enhancement update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
8.8CVSS
8.9AI Score
0.0004EPSS
CVE-2024-1395 Mali GPU Kernel Driver allows improper GPU memory processing operations
Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory. This.....
6.5AI Score
0.0004EPSS
Use After Free vulnerability in Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory. This.....
6.5AI Score
0.0004EPSS
Exploit for Expression Language Injection in Vmware Spring Cloud Function
CVE-2022-22963 CVE-2022-22963...
9.8CVSS
9.8AI Score
0.974EPSS
CVE-2023-6322 Stack-based buffer overflow in message parser functionality
A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger.....
7.2CVSS
7.2AI Score
0.0004EPSS
CVE-2023-6116 Remote Code Execution without authentication using stack overflow
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the camera. An attacker could inject malicious into http request packets to execute arbitrary code. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report...
8.9CVSS
9.4AI Score
0.0004EPSS
A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. This allows remote attackers to conduct denial-of-service attacks via unspecified vectors. This attack only affects the login service which will automatically....
6.5CVSS
6.5AI Score
0.0004EPSS
A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. This allows remote attackers to conduct denial-of-service attacks via unspecified vectors. This attack only affects the login service which will automatically....
6.5CVSS
6.5AI Score
0.0004EPSS
A vulnerability regarding buffer copy without checking the size of input ('Classic Buffer Overflow') has been found in the login component. This allows remote attackers to conduct denial-of-service attacks via unspecified vectors. This attack only affects the login service which will automatically....
6.5CVSS
7.2AI Score
0.0004EPSS
Hipcam RealServer/V1.0 RTSP Format Validation Vulnerability...
7.2AI Score
OpenBSD OpenSSH <= 9.6 Authentication Bypass Vulnerability
OpenBSD OpenSSH is prone to an authentication bypass ...
7CVSS
6.9AI Score
0.001EPSS
An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure...
6.7CVSS
6.7AI Score
0.0004EPSS
RHEL 8 : openssl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712) Simultaneous Multi-threading...
7.4CVSS
6.8AI Score
0.015EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...
6.6AI Score
0.0004EPSS
Check Point VPN-1 PAT Information Disclosure Vulnerability - Active Check
Check Point VPN-1 PAT is prone to an information disclosure ...
6.2AI Score
0.007EPSS
About the security content of visionOS 1.2
About the security content of visionOS 1.2 This document describes the security content of visionOS 1.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
8.8CVSS
7.9AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists...
6.4AI Score
0.0004EPSS
7.4AI Score
0.001EPSS
Important: pcp security, bug fix, and enhancement update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
8.8CVSS
7.1AI Score
0.0004EPSS
Important: pcp security, bug fix, and enhancement update
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems. Security Fix(es): pcp:.....
8.8CVSS
7.3AI Score
0.0004EPSS