VYPR

Motioneye

by Motioneye Project

pypi: motioneye

Source repositories

CVEs (6)

  • CVE-2026-46488criJun 22, 2026
    risk 0.59cvss epss

    ### Summary An authentication bypass vulnerability exists due to improper trust in client-controlled cookies. The application accepts user-supplied cookie values containing a username and password-hash-derived value as sufficient authentication material. These cookies can be set…

  • CVE-2025-47782HigMay 14, 2025
    risk 0.51cvss epss 0.00

    motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed (camera) device path with the `add`/`add_camera` motionEye web API allows an attacker with motionEye admin…

  • CVE-2026-55488higJun 23, 2026
    risk 0.45cvss epss 0.01

    ### Summary mEye contains an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem. The affected handlers accept a user-controlled filename parameter and construct filesystem paths using…

  • CVE-2026-55863medJun 23, 2026
    risk 0.26cvss epss

    ## Summary The `ActionHandler.post()` method in motionEye has no authentication decorator, allowing any unauthenticated attacker to trigger camera actions including snapshots, recording start/stop, and configured action scripts (PTZ controls, alarm triggers, etc.). ##…

  • CVE-2026-32315medJun 22, 2026
    risk 0.26cvss epss 0.03

    # Security Advisory: World-Readable Configuration File Exposes Admin Password Hash in motionEye ## Summary motionEye v0.43.1 and prior versions create the configuration file `/etc/motioneye/motion.conf` with `644` permissions (`-rw-r--r--`), making it readable by any local…

  • CVE-2026-31978medJun 22, 2026
    risk 0.26cvss epss 0.00

    ### Summary motionEye v0.43.1 (latest stable) is vulnerable to path traversal in the picture and movie API endpoints, like `/picture/{id}/preview/{filename}`. Neither the API handlers, nor the `mediafiles.py` functions like `get_media_preview()` check for `..` sequences in the…