79 matches found
CVE-2026-0919 Unauthenticated Denial of Service via Oversized URL in HTTP Parser on TP-Link Tapo C210, C220 & C520WS
The HTTP parser of Tapo C210 v3, C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An unauthenticated attacker can...
CVE-2022-0919
The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number ...
CVE-2017-0919 vulnerabilities
Vulnerabilities for packages: gitlab-operator-fips...
CVE-2023-0919
Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0...
CVE-2021-0919
In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. This could lead to local denial of service making the lockscreen unusable with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions:...
CVE-2013-0919
Use-after-free vulnerability in Google Chrome before 26.0.1410.43 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the presence of an extension that creates a pop-up window...
SUSE SLES15 Security Update : kernel (Live Patch 4 for SLE 15 SP6) (SUSE-SU-2025:0919-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0919-1 advisory. This update for the Linux Kernel 6.4.0-1506002322 fixes several issues. The following security issues were fixed: - CVE-2024-46818:...
CVE-2024-0919
A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function dosetNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely...
RHEL 7 : openstack-ceilometer (RHSA-2019:0919)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0919 advisory. OpenStack Telemetry ceilometer collects customer usage data for metering purposes. Telemetry implements bus listener, push, and polling agents for da...
CVE-2024-0919
creationtimestamp| type| source
---|---|---
2024-01-26 10:31:23+00:00| seen| https://t.me/ctinow/174110
2024-01-28 10:26:51+00:00| seen| https://t.me/ctinow/174883
2024-01-28 10:47:01+00:00| seen| https://t.me/arpsyndicate/3273
2024-02-02 23:16:28+00:00| seen| https://t.me/ctinow/178313...
CVE-2024-0919
CVE-2024-0919 affects TRENDnet TEW-815DAP v1.0.2.0. The vulnerability resides in the POST Request Handler’s do_setNTP function; manipulation of the NtpDstStart/NtpDstEnd parameters enables remote command injection. Public exploit exists. Impact is described as critical. Interim mitigations from P...
CVE-2024-0919 TRENDnet TEW-815DAP POST Request do_setNTP command injection
A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function dosetNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely...
CVE-2023-0919
creationtimestamp| type| source
---|---|---
2023-02-19 18:15:03+00:00| seen| https://t.me/cibsecurity/58509...
CVE-2023-0919 Missing Authentication for Critical Function in kareadita/kavita
Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0...
CVE-2023-0919
CVE-2023-0919 affects kareadita/kavita prior to version 0.7.0, with a missing authentication for a critical function leading to an access control/authorization flaw. Public sources describe potential impact to confidentiality and integrity of protected information. Remediation: upgrade to 0.7.0 o...
CVE-2022-0919
creationtimestamp| type| source
---|---|---
2022-04-11 18:16:05+00:00| seen| https://t.me/cibsecurity/40468...
CVE-2022-0919
The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number ...
CVE-2022-0919
The CVE-2022-0919 vulnerability affects the WordPress plugin “Salon booking system Free and pro” (pre-7.6.3). The flaw is an authentication/authorization bypass in booking searches: unauthenticated users can search other people’s bookings and view sensitive data (full name, email, phone) associat...
CVE-2022-0919 Salon booking system < 7.6.3 - Unauthenticated Sensitive Data Disclosure
The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number ...
GitLab <= 10.1.5, 10.2.x - 10.2.5, 10.3.x - 10.3.3 Multiple Vulnerabilities
GitLab is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if description...