9.8
CVE-2025-67489 - @vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIsβ¦
@vitejs/plugin-rs provides React Server Components (RSC) support for Vite. Versions 0.5.5 and below are vulnerable to arbitrary remote code execution on the development server through unsafe dynamic imports in server function APIs (loadServerAction, decodeReply, decodeAction) when integrated into Rβ¦
8.7
CVE-2023-53770 - MiniDVBLinux 5.4 Unauthenticated Configuration Download via Backup Endpoint
MiniDVBLinux 5.4 contains an unauthenticated configuration download vulnerability that allows remote attackers to access sensitive system configuration files through a direct object reference. Attackers can exploit the backup download endpoint by sending a GET request with 'action=getconfig' to retβ¦
9.9
CVE-2023-53739 - Tinycontrol LAN Controller v3 LK3 1.58a Unauthenticated Configuration Backup Disclosure
Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3_settings.bin file and extract base64-encoded user and admin passwords withouβ¦
9.3
CVE-2021-47731 - Selea Targa IP Camera Developer Backdoor Configuration Overwrite
Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite devβ¦
8.5
CVE-2021-47730 - Selea Targa IP Camera Cross-Site Request Forgery via Admin Creation
Selea Targa IP OCR-ANPR Camera contains a cross-site request forgery vulnerability that allows attackers to create administrative users without authentication. Attackers can craft a malicious web page that submits a form to add a new admin user with full system privileges when a logged-in user visiβ¦
5.1
CVE-2021-47729 - Selea Targa IP Camera Stored Cross-Site Scripting via Files List
Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'files_list' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/get_file.php with crafted payload to execute arbitrary scripts in victim's β¦
9.3
CVE-2021-47728 - Selea Targa IP Camera Remote Code Execution via Utils
Selea Targa IP OCR-ANPR Camera contains an unauthenticated command injection vulnerability in utils.php that allows remote attackers to execute arbitrary shell commands. Attackers can exploit the 'addr' and 'port' parameters to inject commands and gain www-data user access through chained local filβ¦
8.7
CVE-2021-47727 - Selea Targa IP Camera Unauthenticated Stream Disclosure
Selea Targa IP OCR-ANPR Camera contains an unauthenticated vulnerability that allows remote attackers to access live video streams without authentication. Attackers can directly connect to RTP/RTSP or M-JPEG streams by requesting specific endpoints like p1.mjpg or p1.264 to view camera footage.
7.1
CVE-2021-47724 - STVS ProVision Authenticated File Disclosure via archive.rb
STVS ProVision 5.9.10 contains a path traversal vulnerability that allows authenticated attackers to access arbitrary files by manipulating the files parameter in the archive download functionality. Attackers can send GET requests to /archive/download with directory traversal sequences to read sensβ¦
6.9
CVE-2021-47723 - STVS ProVision Cross-Site Request Forgery (Add Admin)
STVS ProVision 5.9.10 contains a cross-site request forgery vulnerability that allows attackers to perform actions with administrative privileges by exploiting unvalidated HTTP requests. Attackers can visit malicious web sites to trigger the forge request, allowing them to create new admin users.