Threat Intelligence Database

ThreatFox IOCs for 2026-06-26

CVE-2026-56414 is a high-severity vulnerability in the H.VIEW HV-500S6 IP Camera. Authenticated users can upload arbitrary files via certificate-related upload interfaces without validation of file type, structure, or size. This allows placing unexpected or malformed data in filesystem locations intended for trusted certificate material, potentially impacting system integrity or behavior even after reboot.

CVE-2026-55975 is a high-severity vulnerability in the H.VIEW HV-500S6 IP Camera. An authenticated user can supply unsanitized XML input to the device's certificate generation interface. This input is used in a backend command without proper validation, potentially allowing command execution with elevated privileges during certificate creation.

CVE-2026-33560 is a high-severity vulnerability in the Daktronics VFC-DMP-5000 file service. Authenticated users can upload arbitrary files without any validation or filtering, including executable binaries and scripts. This lack of file extension or content inspection allows potentially malicious files to be written directly to the server, posing a risk of code execution or system compromise.

Daktronics VFC-DMP-5000 devices are shipped with a default administrative web account that uses weak authentication controls. This default account is not required to be changed during initial setup or operation, allowing anyone with knowledge of the default credentials to gain full system access. The vulnerability is classified under CWE-798 (Use of Hard-coded Credentials) and has a high severity rating with a CVSS score of 8.1.

Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths.

MessagePack-CSharp's UnsafeBlitFormatterBase<T>.Deserialize method in Unity blit resolvers improperly allocates memory based on an attacker-controlled byte length without validating it against the actual payload size. This can lead to excessive memory allocation and potential out-of-memory exceptions or process termination on memory-constrained platforms when deserializing untrusted data. The vulnerability affects the MessagePack.UnityClient package and specific resolvers prior to patched versions. The issue is mitigated by upgrading to patched versions or avoiding use of vulnerable resolvers with untrusted input.

MessagePack-CSharp contains a vulnerability in its multi-dimensional array formatters where dimension lengths are read from untrusted payloads and used to allocate arrays before validating that the total element count matches the encoded data. This can lead to excessive memory allocation and potential out-of-memory conditions when deserializing untrusted data into multi-dimensional arrays such as T[,], T[,,], or T[,,,]. The issue affects versions prior to 2.5.301 and versions 3.0 up to but not including 3.1.7. Fixes are prepared but not yet released. Until patched, users should avoid deserializing untrusted payloads into multi-dimensional arrays and prefer safer data shapes.

MessagePack-CSharp's InterfaceLookupFormatter<TKey,TElement> constructs an internal dictionary using the default equality comparer instead of the security-aware comparer when deserializing ILookup<TKey,TElement>. This omission allows an attacker to craft payloads with colliding keys that degrade dictionary insertion performance, causing a CPU denial of service even when the application opts into untrusted-data security settings. The vulnerability affects versions of MessagePack prior to 2.5.301 and versions 3.0 up to but not including 3.1.7.

MessagePack-CSharp's typeless deserialization feature has a vulnerability where type restrictions do not recursively inspect array element types or generic type arguments. This allows an attacker to bypass outer-type blocklist checks by wrapping disallowed types inside arrays or generic containers. The issue affects applications that deserialize untrusted data using typeless serialization APIs. Fixes are available in versions 2.5.301 and 3.1.7. Users are advised to upgrade and avoid typeless deserialization of untrusted data or use explicit recursive allowlists.