Vulnerabilities in blakeblackshear
11 results

| CVE | Severity | Title | EPSS |
| --- | --- | --- | --- |
| CVE-2026-25643 | CRITICAL | Frigate Affected by Authenticated Remote Command Execution (RCE) and Container Escape | 2.9% |
| CVE-2023-45671 | MEDIUM | Frigate reflected XSS through `/<camera_name>` API endpoints | 1.4% |
| CVE-2023-45672 | HIGH | Frigate unsafe deserialization in `load_config_with_no_duplicates` of `frigate/util/builtin.py` | 1.4% |
| CVE-2024-32874 | MEDIUM | In Frigate, Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service | 0.8% |
| CVE-2023-45670 | HIGH | Frigate cross-site request forgery in `config_save` and `config_set` request handlers | 0.4% |
| CVE-2026-33470 | MEDIUM | Frigate has cross-camera snapshot disclosure via unrestricted timeline IDs and missing authorization in /api/events/{event_id}/snapshot-clean.webp | 0.3% |
| CVE-2025-62382 | HIGH | Frigate Vulnerable to Arbitrary File Read via Export Thumbnail "image_path" parameter | 0.3% |
| CVE-2026-33124 | HIGH | Frigate has insecure password change functionality | 0.2% |
| CVE-2026-33469 | MEDIUM | Authenticated Frigate users can read the full unredacted configuration via `/api/config/raw` | 0.2% |
| CVE-2026-33125 | HIGH | Frigate Broken Access Control: Users assigned the viewer role can delete admin and other low-privileged accounts | 0.2% |
| CVE-2026-33126 | MEDIUM | Frigate has SSRF vulnerability in /ffprobe endpoint | 0.2% |