A stored cross-site scripting (XSS) vulnerability in certain 1xxx series Network Video Recorder (NVR) devices allows authenticated attackers with high privileges to inject malicious scripts that persist on the device backend. When administrators or users subsequently access affected pages, the stored scripts execute in their browsers, potentially enabling session hijacking, unauthorized actions, or data t [truncated]
CP Plus Wi-Fi Camera devices contain a medium-severity vulnerability (CVSS 4.0: 5.2) stemming from improper protection of sensitive information in runtime memory (CWE-312). An attacker with physical access can extract cryptographic private keys, Wi-Fi credentials, and configuration data by interfacing with the UART port and performing memory extraction from RAM. Successful exploitation enables unauthorize [truncated]