CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2021-47705 - CNC_Ctrl DllUnregisterServer Access Violation

CVE ID : CVE-2021-47705
Published : Dec. 9, 2025, 8:37 p.m. | 26 minutes ago
Description : COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit improper boundary validation in CNC_Ctrl.dll to cause heap corruption and potentially gain system-level access.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47706 - COMMAX Biometric Access Control System Authentication Bypass

CVE ID : CVE-2021-47706
Published : Dec. 9, 2025, 8:37 p.m. | 25 minutes ago
Description : COMMAX Biometric Access Control System 1.0.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to access sensitive information and circumvent physical controls in smart homes and buildings by exploiting cookie poisoning. Attackers can forge cookies to bypass authentication and disclose sensitive information.
Severity: 8.7 | HIGH
CVE-2021-47707 - COMMAX CVD-Axx DVR Weak Default Credentials Stream Disclosure

CVE ID : CVE-2021-47707
Published : Dec. 9, 2025, 8:39 p.m. | 24 minutes ago
Description : COMMAX CVD-Axx DVR 5.1.4 contains weak default administrative credentials that allow remote password-guessing attacks and disclosure of the RTSP stream. Attackers can exploit this by sending a POST request with the 'passkey' parameter set to '1234', gaining access to the web control panel.
Severity: 9.3 | CRITICAL
CVE-2021-47708 - COMMAX Smart Home IoT Control System SQL Injection Authentication Bypass

CVE ID : CVE-2021-47708
Published : Dec. 9, 2025, 8:39 p.m. | 24 minutes ago
Description : COMMAX Smart Home System CDP-1020n contains an SQL injection vulnerability that allows attackers to bypass authentication by injecting arbitrary SQL code through the 'id' parameter in 'loginstart.asp'. Attackers can exploit this by sending a POST request with malicious 'id' values to manipulate database queries and gain unauthorized access.
Severity: 9.3 | CRITICAL
CVE-2025-64896 - Creative Cloud Desktop | Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)

CVE ID : CVE-2025-64896
Published : Dec. 9, 2025, 8:39 p.m. | 23 minutes ago
Description : Creative Cloud Desktop versions 6.4.0.361 and earlier are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to disrupt the application's functionality by manipulating temporary files. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
CVE-2021-47709 - COMMAX Smart Home Ruvie CCTV Bridge DVR Service Config Write / DoS

CVE ID : CVE-2021-47709
Published : Dec. 9, 2025, 8:39 p.m. | 23 minutes ago
Description : COMMAX Smart Home System allows an unauthenticated attacker to change configuration and cause denial-of-service through the setconf endpoint. Attackers can trigger denial-of-service by sending a malformed request to that endpoint.
Severity: 8.7 | HIGH
CVE-2025-13743 - Expired Personal Access Tokens (PATs) are recorded in Docker Desktop diagnostic logs

CVE ID : CVE-2025-13743
Published : Dec. 9, 2025, 8:39 p.m. | 23 minutes ago
Description : Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred.
Severity: 2.4 | LOW
CVE-2021-47710 - COMMAX Smart Home Ruvie CCTV Bridge DVR Service RTSP Credentials Disclosure

CVE ID : CVE-2021-47710
Published : Dec. 9, 2025, 8:40 p.m. | 23 minutes ago
Description : COMMAX Smart Home System, a smart IoT home solution, allows an unauthenticated attacker to obtain RTSP credentials in plain text via the /overview.asp endpoint. Attackers can retrieve sensitive information, including login credentials and DVR settings, by submitting a GET request to this endpoint.
Severity: 8.7 | HIGH
CVE-2021-47717 - IntelliChoice eFORCE Software Suite Username Enumeration

CVE ID : CVE-2021-47717
Published : Dec. 9, 2025, 8:40 p.m. | 23 minutes ago
Description : IntelliChoice eFORCE Software Suite 2.5.9 contains a username enumeration vulnerability that allows attackers to enumerate valid users by exploiting the 'ctl00$MainContent$UserName' POST parameter. Attackers can send requests with valid usernames to retrieve user information.
Severity: 6.9 | MEDIUM
CVE-2021-47718 - OpenBMCS Directory Listing Information Disclosure

CVE ID : CVE-2021-47718
Published : Dec. 9, 2025, 8:40 p.m. | 22 minutes ago
Description : OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system information.
Severity: 8.7 | HIGH
CVE-2021-47719 - CNC_Ctrl DllUnregisterServer f5501 Access Violation

CVE ID : CVE-2021-47719
Published : Dec. 9, 2025, 8:41 p.m. | 22 minutes ago
Description : COMMAX WebViewer ActiveX Control 2.1.4.5 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can exploit boundary errors in Commax_WebViewer.ocx to cause buffer overflow conditions and potentially gain code execution.
Severity: 8.7 | HIGH
CVE-2021-47723 - STVS ProVision Cross-Site Request Forgery (Add Admin)

CVE ID : CVE-2021-47723
Published : Dec. 9, 2025, 8:41 p.m. | 21 minutes ago
Description : STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. A logged-in administrator who visits a malicious web site triggers the forged request, allowing attackers to create new admin users.
Severity: 6.9 | MEDIUM
CVE-2021-47724 - STVS ProVision Authenticated File Disclosure via archive.rb

CVE ID : CVE-2021-47724
Published : Dec. 9, 2025, 8:42 p.m. | 21 minutes ago
Description : STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read sensitive system files like /etc/passwd.
Severity: 7.1 | HIGH
CVE-2021-47727 - Selea Targa IP Camera Unauthenticated Stream Disclosure

CVE ID : CVE-2021-47727
Published : Dec. 9, 2025, 8:43 p.m. | 19 minutes ago
Description : Selea Targa IP OCR-ANPR Camera contains a missing-authentication vulnerability that allows remote attackers to access live video streams. Attackers can directly connect to RTP/RTSP or M-JPEG streams by requesting specific endpoints like p1.mjpg or p1.264 to view camera footage.
Severity: 8.7 | HIGH
CVE-2021-47728 - Selea Targa IP Camera Remote Code Execution via Utils

CVE ID : CVE-2021-47728
Published : Dec. 9, 2025, 8:44 p.m. | 19 minutes ago
Description : Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local file inclusion techniques.
Severity: 9.3 | CRITICAL
CVE-2021-47729 - Selea Targa IP Camera Stored Cross-Site Scripting via Files List

CVE ID : CVE-2021-47729
Published : Dec. 9, 2025, 8:45 p.m. | 18 minutes ago
Description : Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'files_list' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/get_file.php with a crafted payload to execute arbitrary script in the victim's browser session.
Severity: 5.1 | MEDIUM
CVE-2021-47730 - Selea Targa IP Camera Cross-Site Request Forgery via Admin Creation

CVE ID : CVE-2021-47730
Published : Dec. 9, 2025, 8:46 p.m. | 17 minutes ago
Description : Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user visits the page.
Severity: 8.5 | HIGH
CVE-2021-47731 - Selea Targa IP Camera Developer Backdoor Configuration Overwrite

CVE ID : CVE-2021-47731
Published : Dec. 9, 2025, 8:47 p.m. | 16 minutes ago
Description : Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite device settings.
Severity: 9.3 | CRITICAL
CVE-2023-53739 - Tinycontrol LAN Controller v3 LK3 1.58a Unauthenticated Configuration Backup Disclosure

CVE ID : CVE-2023-53739
Published : Dec. 9, 2025, 8:49 p.m. | 13 minutes ago
Description : Tinycontrol LAN Controller v3 LK3 version 1.58a allows unauthenticated remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3_settings.bin file and extract base64-encoded user and admin passwords without authentication.
Severity: 9.9 | CRITICAL
CVE-2023-53770 - MiniDVBLinux 5.4 Unauthenticated Configuration Download via Backup Endpoint

CVE ID : CVE-2023-53770
Published : Dec. 9, 2025, 8:53 p.m. | 9 minutes ago
Description : MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to retrieve a complete system configuration archive containing sensitive credentials.
Severity: 8.7 | HIGH
CVE-2025-67489 - @vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server

CVE ID : CVE-2025-67489
Published : Dec. 9, 2025, 8:54 p.m. | 9 minutes ago
Description : @vitejs/plugin-rsc provides React Server Components (RSC) support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs (loadServerAction, decodeReply, decodeAction) when integrated into RSC applications that expose server function endpoints. Attackers with network access to the development server can read/modify files, exfiltrate sensitive data (source code, environment variables, credentials), or pivot to other internal services. While this affects development servers only, the risk increases when using vite --host to expose the server on all network interfaces. This issue is fixed in version 0.5.6.
Severity: 0.0 | NA