VYPR

Desktop Application

by Reolink

CVEs (7)

  • CVE-2026-4387LowMay 29, 2026
    risk 0.13cvss epss 0.00

    StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\\.sdm\state.kv. The file is…

  • CVE-2025-56801Oct 21, 2025
    risk 0.00cvss epss 0.00

    The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector (IV) in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's…

  • CVE-2025-56800Oct 21, 2025
    risk 0.00cvss epss 0.00

    Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned…

  • CVE-2025-56799Oct 21, 2025
    risk 0.00cvss epss 0.01

    Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself.

  • CVE-2025-56802Oct 21, 2025
    risk 0.00cvss epss 0.00

    The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the…

  • CVE-2024-48605Oct 22, 2024
    risk 0.00cvss epss 0.01

    An issue in Helakuru Desktop Application v1.1 allows a local attacker to execute arbitrary code via the lack of proper validation of the wow64log.dll file.

  • CVE-2022-36263Aug 19, 2022
    risk 0.00cvss epss 0.00

    StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file.