| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33470 | Frigate has cross-camera snapshot disclosure via unrestricted timeline IDs and missing authorization in /api/events/{event_id}/snapshot-clean.webp | blakeblackshear | frigate | Medium | 6.5 | 2026-03-26 17:06:55 | Deep Dive |
| CVE-2026-33469 | Authenticated Frigate users can read the full unredacted configuration via `/api/config/raw | blakeblackshear | frigate | Medium | 6.5 | 2026-03-26 17:05:30 | Deep Dive |
| CVE-2026-33126 | Frigate has SSRF vulnerability in /ffprobe endpoint | blakeblackshear | frigate | Medium | 5.0 | 2026-03-20 19:57:16 | Deep Dive |
| CVE-2026-33125 | Frigate Broken Access Control: Users assigned the viewer role can delete admin and other low-privileged accounts | blakeblackshear | frigate | High | 7.1 | 2026-03-20 09:22:39 | Deep Dive |
| CVE-2026-33124 | Frigate has insecure password change functionality | blakeblackshear | frigate | 中危 | - | 2026-03-20 09:16:05 | Deep Dive |
| CVE-2026-25643 | Frigate Affected by Authenticated Remote Command Execution (RCE) and Container Escape | blakeblackshear | frigate | Critical | 9.1 | 2026-02-06 19:16:26 | Deep Dive |
| CVE-2025-62382 | Frigate Vulnerable to Arbitrary File Read via Export Thumbnail "image_path" parameter | blakeblackshear | frigate | High | 7.7 | 2025-10-15 17:07:56 | Deep Dive |
| CVE-2024-32874 | In Frigate, Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service | blakeblackshear | frigate | Medium | 6.8 | 2024-05-09 14:20:04 | Deep Dive |
| CVE-2023-45672 | Frigate unsafe deserialization in `load_config_with_no_duplicates` of `frigate/util/builtin.py` | blakeblackshear | frigate | High | 7.5 | 2023-10-30 22:49:46 | Deep Dive |
| CVE-2023-45671 | Frigate reflected XSS through `/<camera_name>` API endpoints | blakeblackshear | frigate | Medium | 4.7 | 2023-10-30 22:41:17 | Deep Dive |
| CVE-2023-45670 | Frigate cross-site request forgery in `config_save` and `config_set` request handlers | blakeblackshear | frigate | High | 7.5 | 2023-10-30 22:38:19 | Deep Dive |