CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 1CVE-2018-25139 – FLIR AX8 Thermal Camera 1.32.16 Unauthenticated RTSP Stream Disclosure
https://notcve.org/view.php?id=CVE-2018-25139
24 Dec 2025 — Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage. • https://www.exploit-db.com/exploits/45606 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 3CVE-2023-53981 – PhotoShow 3.0 Remote Code Execution via Exiftran Path Injection
https://notcve.org/view.php?id=CVE-2023-53981
22 Dec 2025 — Attackers can exploit the ffmpeg configuration settings by base64 encoding a reverse shell command and executing it through a crafted video upload process. • https://github.com/thibaud-rohmer/PhotoShow • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-58286 – dizqueTV 1.5.3 Remote Code Execution via FFMPEG Executable Path
https://notcve.org/view.php?id=CVE-2024-58286
11 Dec 2025 — dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. • https://www.vulncheck.com/advisories/dizquetv-remote-code-execution-via-ffmpeg-executable-path • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-57611
https://notcve.org/view.php?id=CVE-2025-57611
02 Sep 2025 — An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Null pointer dereference vulnerability in the dump() method allows an attacker to cause a denial of service. • https://github.com/meh/rust-ffmpeg/issues/192 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-57612
https://notcve.org/view.php?id=CVE-2025-57612
02 Sep 2025 — An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Null pointer dereference vulnerability in the name() method allows an attacker to cause a denial of service. • https://github.com/meh/rust-ffmpeg/issues/192 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-57613
https://notcve.org/view.php?id=CVE-2025-57613
02 Sep 2025 — An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A null pointer dereference vulnerability in the input() constructor function allows an attacker to cause a denial of service. • https://github.com/meh/rust-ffmpeg/issues/192 • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-57614
https://notcve.org/view.php?id=CVE-2025-57614
02 Sep 2025 — An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Integer overflow and invalid input vulnerability in the cached method allows an attacker to cause a denial of service or potentially execute arbitrary code. • https://github.com/meh/rust-ffmpeg/issues/192 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-57615
https://notcve.org/view.php?id=CVE-2025-57615
02 Sep 2025 — An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) An integer overflow vulnerability in the Vector::new constructor function allows an attacker to cause a denial of service via a null pointer dereference. • https://github.com/meh/rust-ffmpeg/issues/192 • CWE-476: NULL Pointer Dereference •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-57616
https://notcve.org/view.php?id=CVE-2025-57616
02 Sep 2025 — An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A use-after-free vulnerability in the write_interleaved method allows an attacker to cause a denial of service or memory corruption. • https://github.com/meh/rust-ffmpeg/issues/192 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6605 – SourceCodester Best Salon Management System edit-staff.php sql injection
https://notcve.org/view.php?id=CVE-2025-6605
25 Jun 2025 — It was discovered that FFmpeg incorrectly handled the return values of functions in its Firequalizer filter and in the HTTP Live Streaming implementation, leading to a NULL pointer dereference. If a user was tricked into loading a crafted media file, a remote attacker could possibly use this issue to make FFmpeg crash, resulting in a denial of service. It was discovered that FFmpeg did not enforce an input format before triggering the HTTP demuxer. • https://github.com/Colorado-all/cve/blob/main/Best%20salon%20management%20system/SQL-6.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •