📦 Motioneye

MotionEye v0.43.1b4 and earlier contains an OS command injection vulnerability where authenticated admin users can inject malicious commands through configuration parameters like image_file_name. Thes...

MotionEye v0.42.1 and below contains an information disclosure vulnerability where attackers can access sensitive configuration data via unauthenticated GET requests to /config/list. This affects syst...

This vulnerability allows authenticated attackers to execute arbitrary code on MotionEye and MotionEyeOS servers by uploading malicious Python pickle files disguised as configuration backups. It affec...