Vulnerabilities > Hikvision
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-18 | CVE-2024-47485 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Hikvision Hikcentral Master There is a CSV injection vulnerability in some HikCentral Master Lite versions. | 9.8 |
| 2024-10-18 | CVE-2024-47486 | Cross-site Scripting vulnerability in Hikvision Hikcentral Master There is an XSS vulnerability in some HikCentral Master Lite versions. | 6.1 |
| 2024-10-18 | CVE-2024-47487 | SQL Injection vulnerability in Hikvision Hikcentral Professional 2.0.0/2.5.1 There is a SQL injection vulnerability in some HikCentral Professional versions. | 8.8 |
| 2024-03-02 | CVE-2024-25063 | Unspecified vulnerability in Hikvision Hikcentral Professional Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to. | 7.5 |
| 2024-03-02 | CVE-2024-25064 | Unspecified vulnerability in Hikvision Hikcentral Professional Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values. | 4.3 |
| 2023-12-17 | CVE-2023-6894 | Unspecified vulnerability in Hikvision Intercom Broadcast System A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). | 6.5 |
| 2023-12-17 | CVE-2023-6895 | OS Command Injection vulnerability in Hikvision Intercom Broadcast System A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). | 9.8 |
| 2023-12-17 | CVE-2023-6893 | Path Traversal vulnerability in Hikvision Intercom Broadcast System A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as problematic. | 7.5 |
| 2023-11-23 | CVE-2023-28812 | Classic Buffer Overflow vulnerability in Hikvision Localservicecomponents 1.0.0.78 There is a buffer overflow vulnerability in a web browser plug-in could allow an attacker to exploit the vulnerability by sending crafted messages to computers installed with this plug-in, which could lead to arbitrary code execution or cause process exception of the plug-in. | 9.8 |
| 2023-11-23 | CVE-2023-28813 | Unspecified vulnerability in Hikvision Localservicecomponents 1.0.0.78 An attacker could exploit a vulnerability by sending crafted messages to computers installed with this plug-in to modify plug-in parameters, which could cause affected computers to download malicious files. | 7.5 |