Vendor Products CVEs KEV Avg EPSS Worst Severity 2 6 0 56.6% CRITICAL
CVE ID Description Severity CVSS KEV EPSS Published CVE-2025-63408 Local Agent DVR versions thru 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a server-side forgery request (SSRF), or execute OS commands. HIGH 7.8 — 26.5% Nov 18, 2025 CVE-2024-22515 Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component. HIGH 8.8 — 64.3% Feb 6, 2024 CVE-2024-22514 An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file. HIGH 8.8 — 69.1% Feb 6, 2024 CVE-2022-29775 iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL. CRITICAL 9.8 — — Jun 21, 2022 CVE-2022-29774 iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal. CRITICAL 9.8 — — Jun 21, 2022 CVE-2020-13093 iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. MEDIUM 5.3 — 66.5% May 15, 2020