Search
Search Results (2 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-6824 | 1 Cp Plus | 3 Cp-unr-108f1 Hardware, Cp-unr-108f1 System, Cp-unr-108f1 Web | 2026-05-30 | 8.4 High |
| A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators or users access affected pages, the stored scripts are executed in their browsers, leading to potential session hijacking, unauthorized actions, or data theft. | ||||
| CVE-2026-9274 | 1 Cp Plus | 18 Cp-e21q, Cp-e24q, Cp-e25q and 15 more | 2026-05-27 | N/A |
| This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including cryptographic private keys, Wi-Fi credentials and configuration data stored in RAM of the targeted device. Successful exploitation of this vulnerability could allow unauthorized access to encrypted communications and connected wireless network of the targeted device. | ||||
Page 1 of 1.