Motioneye-Project Motioneye vulnerabilities
4 known vulnerabilities affecting motioneye-project/motioneye.
Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 1
Vulnerabilities
CVE-2025-60787 | P2 | HIGH | CVSS 7.2 | CWE-20 | PoC | fixed in 0.44.0 | 2025-10-03
MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as image_file_name. Unsanitized user input is written to Motion configuration files, allowing remote authenticated attackers with admin access to achieve code execution when Motion is restarted.
Source: NVD
CVE-2026-55488 | P3 | HIGH | CVSS 7.7 | CWE-22 | fixed in 0.44.0 | 2026-06-24
motionEye (mEye) is an online interface for a piece of software called "motion," which is a video surveillance program with motion detection. Versions prior to 0.44.0 contain an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem. The affected handlers accept a user-c
Source: NVD
CVE-2025-47782 | P3 | HIGH | CVSS 8.9 | CWE-78 | versions >= 0.43.1b1, < 0.43.1b4 | 2025-05-14
motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed (camera) device path with the `add`/`add_camera` motionEye web API allows an attacker with motionEye admin user credentials to execute any command within a non-interactive shell as moti
Source: NVD
CVE-2026-31978 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | fixed in 0.44.0 | 2026-06-24
motionEye (mEye) is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 are vulnerable to path traversal in the picture and movie API endpoints, such as /picture/{id}/preview/{filename}. Neither the API handlers, nor the mediafiles.py functions such as get_media_preview() chec
Source: NVD