Skip to main content

Pixera Two Media Server

2 CVEs product

Monthly

CVE-2026-7704 LOW POC PATCH Monitor

Path traversal vulnerability in AV Stumpfl Pixera Two Media Server up to version 25.1 R2 allows adjacent network attackers to access arbitrary files via manipulation of an unknown function on Service Port 1338. The vulnerability has a low CVSS score of 2.1 due to adjacency requirement (AV:A) and confidentiality-only impact, but publicly available exploit code exists and the vendor has released a patch in version 25.2 R3.

Path Traversal Pixera Two Media Server
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-7703 MEDIUM POC PATCH This Month

Code injection via Websocket API in AV Stumpfl Pixera Two Media Server ≤25.2 R2 allows unauthenticated remote attackers to execute arbitrary code with low complexity. Publicly available exploit code (GitHub Gist) enables network-based compromise with partial impact to confidentiality, integrity, and availability (CVSS:3.1/C:L/I:L/A:L). Vendor-released patch version 25.2 R3 addresses the vulnerability. Despite network vector and proof-of-concept availability, no CISA KEV listing or EPSS data indicates limited observed exploitation at time of analysis.

RCE Code Injection Pixera Two Media Server
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

Path traversal vulnerability in AV Stumpfl Pixera Two Media Server up to version 25.1 R2 allows adjacent network attackers to access arbitrary files via manipulation of an unknown function on Service Port 1338. The vulnerability has a low CVSS score of 2.1 due to adjacency requirement (AV:A) and confidentiality-only impact, but publicly available exploit code exists and the vendor has released a patch in version 25.2 R3.

Path Traversal Pixera Two Media Server
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Code injection via Websocket API in AV Stumpfl Pixera Two Media Server ≤25.2 R2 allows unauthenticated remote attackers to execute arbitrary code with low complexity. Publicly available exploit code (GitHub Gist) enables network-based compromise with partial impact to confidentiality, integrity, and availability (CVSS:3.1/C:L/I:L/A:L). Vendor-released patch version 25.2 R3 addresses the vulnerability. Despite network vector and proof-of-concept availability, no CISA KEV listing or EPSS data indicates limited observed exploitation at time of analysis.

RCE Code Injection Pixera Two Media Server
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy