9.4
CVE-2025-34055 - AVTECH IP camera, DVR, and NVR Devices Authenticated Root Command Execution
An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed direcβ¦
10
CVE-2025-34054 - AVTECH DVR Devices Unauthenticated Command Injection
An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root.
6.9
CVE-2025-34053 - AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via .cab Path Manipulation
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devicesβ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints.
6.9
CVE-2025-34052 - AVTECH IP camera, DVR, and NVR Devices Unauthenticated Information Disclosure
An unauthenticated information disclosure vulnerability exists in AVTECH IP cameras, DVRs, and NVRs via Machine.cgi?action=get_capability. Sensitive internal device information such as firmware version, MAC address, and codec support can be accessed without authentication.
6.9
CVE-2025-34051 - AVTECH DVR Devices Server-Side Request Forgery
A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests frβ¦
5.1
CVE-2025-34050 - AVTECH IP Camera, DVR, and NVR Devices Cross-Site Request Forgery
AΒ cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated userβs browser session, allow unauthorized changes to the device configuration witβ¦
7.5
CVE-2025-37098 -
A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.
6.9
CVE-2025-6958 - Campcodes Employee Management System edit.php sql injection
A vulnerability was found in Campcodes Employee Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed toβ¦
6.9
CVE-2025-6957 - Campcodes Employee Management System eprocess.php sql injection
A vulnerability was found in Campcodes Employee Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /process/eprocess.php. The manipulation of the argument mailuid leads to sql injection. The attack can be initiated remotely. The exploit has β¦
7.5
CVE-2025-37097 -
A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may allow an unauthenticated denial of service