Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows a
A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an unauthenticated attacker to bypass the multi-factor authentication (MFA) mechanism during the password re
Heatmiser Wifi Thermostat 1.7 contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve administrative credentials by accessing the networkSetup.htm page. Attack
CVE-2025-10264
CRITICAL CVSS 10.0
Find Similar
Certain models of NVR developed by Digiever has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remoter attackers to access the system configuration file and obtain plaint
A vulnerability classified as problematic was found in SAFECAM X300 up to 20250611. This vulnerability affects unknown code of the component FTP Service. The manipulation leads to use of default crede
A vulnerability was identified in FNKvision Y215 CCTV Camera 10.194.120.40. Affected by this issue is some unknown functionality of the file /etc/passwd of the component Firmware. Such manipulation le
A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16 and classified as critical. Affected by this issue is some unknown functionality of the file /priv/production/prod
The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server, the credenti
Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on port 80 enforces au
The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera (version V1.00.02) contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access.
The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authe
A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /upload.cgi of the component
A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded crede
A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this issue is some unknown functionality of the component API Endpoin
An Authentication Bypass vulnerability has been found in Trivision Camera NC227WF v5.8.0 from TrivisionSecurity. This vulnerability allows an attacker to retrieve administrator's credentials in cleart
The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, exposing user credentials to passive
CVE-2022-50919
CRITICAL CVSS 9.3
Find Similar
Tdarr 2.00.15 contains an unauthenticated remote code execution vulnerability in its Help terminal that allows attackers to inject and chain arbitrary commands. Attackers can exploit the lack of input
Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interacti
Kenik Camera management Panel is vulnerable to Path Traversal vulnerability. An unauthenticated attacker can send GET request with arbitrary file path and read corresponding files located on the serve
Inadequate access control vulnerability in Davantis DDFUSION v6.177.7, which allows unauthorised actors to retrieve perspective parameters from security camera settings by accessing “/cameras/