10
CVE-2025-34054 - AVTECH IP camera, DVR, and NVR Devices Unauthenticated Command Injection
An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root.ย Exploitation evidence wasโฆ
6.9
CVE-2025-34053 - AVTECH IP camera, DVR, and NVR Devices Authentication Bypass via .cab Path Manipulation
An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devicesโ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL containing ".cab" to bypass authentication and access protected endpoints.
0.0
CVE-2025-34052 -
An unauthenticated endpoint that exposes firmware version, MAC address, and supported codecs is not indicative of a security boundary being crossed, as this metadata is not inherently sensitive and commonly used for legitimate fingerprinting and discovery.
6.9
CVE-2025-34051 - AVTECH DVR Devices Server-Side Request Forgery
A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port, and queryb64str parameters to make arbitrary HTTP requests frโฆ
5.1
CVE-2025-34050 - AVTECH IP Camera, DVR, and NVR Devices Cross-Site Request Forgery
Aย cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in the context of an authenticated userโs browser session, allow unauthorized changes to the device configuration witโฆ
7.5
CVE-2025-37098 -
A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.
6.9
CVE-2025-6958 - Campcodes Employee Management System edit.php sql injection
A vulnerability was found in Campcodes Employee Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed toโฆ
6.9
CVE-2025-6957 - Campcodes Employee Management System eprocess.php sql injection
A vulnerability was found in Campcodes Employee Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /process/eprocess.php. The manipulation of the argument mailuid leads to sql injection. The attack can be initiated remotely. The exploit has โฆ
7.5
CVE-2025-37097 -
A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may allow an unauthenticated denial of service
6.9
CVE-2025-6956 - Campcodes Employee Management System changepassemp.php sql injection
A vulnerability was found in Campcodes Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /changepassemp.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been diโฆ