Lucene search
+L

142 matches found

EUVD
EUVD
added 2026/04/02 6:31 p.m.4 views

EUVD-2026-18430

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs.An attacker on the same network segment could...

7.1CVSS6.1AI score0.00228EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/02 5:19 p.m.1 views

CVE-2026-34120 Heap-based Buffer Overflow Vulnerability Leading to Denial-of-Service in TP-Link Tapo C520WS

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs.An attacker on the same network segment could...

7.1CVSS6.1AI score0.00228EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/02 5:19 p.m.8 views

CVE-2026-34119

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous write‑boundary verification, due to insufficient boundary validation when handling externally supplied HTTP input. An...

7.1CVSS6.1AI score0.00228EPSS
Exploits0References4
CVE
CVE
added 2026/04/02 5:19 p.m.28 views

CVE-2026-34119

CVE-2026-34119 — TP-Link Tapo C520WS (v2.6) shows a heap-based buffer overflow in the HTTP parsing loop when appending segmented request bodies, due to insufficient boundary validation for externally supplied HTTP input. The issue can allow heap memory corruption on the device when an attacker on...

7.1CVSS6.1AI score0.00228EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/02 5:19 p.m.4 views

CVE-2026-34118

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary validation when handling externally supplied HTTP input. An...

7.1CVSS6.1AI score0.00259EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.9 views

PT-2026-29846

Name of the Vulnerable Software and Affected Versions TP-Link Tapo C520WS version 2.6 Description A heap-based buffer overflow exists in the HTTP POST body parsing logic due to insufficient boundary validation and missing validation of remaining buffer capacity after dynamic allocation when...

7.1CVSS6.9AI score0.00259EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.4 views

PT-2026-29848

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs.An attacker on the same network segment could...

7.1CVSS6.1AI score0.00228EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.5 views

CVE-2025-11571

Vulnerable endpoints accept user-controlled input through a URL in JSON format which enables command execution. The commands allowed to execute can open executables. However, the commands cannot pass parameters or arguments. To successfully execute this attack, the attacker needs to be on the sam...

2.1CVSS6AI score0.00443EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/24 6:31 p.m.7 views

EUVD-2025-208962

Vulnerable endpoints accept user-controlled input through a URL in JSON format which enables command execution. The commands allowed to execute can open executables. However, the commands cannot pass parameters or arguments. To successfully execute this attack, the attacker needs to be on the sam...

2.1CVSS6AI score0.00443EPSS
Exploits0References2
NVD
NVD
added 2026/03/24 5:16 p.m.12 views

CVE-2025-11571

Vulnerable endpoints accept user-controlled input through a URL in JSON format which enables command execution. The commands allowed to execute can open executables. However, the commands cannot pass parameters or arguments. To successfully execute this attack, the attacker needs to be on the sam...

2.1CVSS0.00443EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/24 4:26 p.m.25 views

CVE-2025-11571 Command Execution vulnerability in Simplicity Installer

Vulnerable endpoints accept user-controlled input through a URL in JSON format which enables command execution. The commands allowed to execute can open executables. However, the commands cannot pass parameters or arguments. To successfully execute this attack, the attacker needs to be on the sam...

2.1CVSS0.00443EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/24 4:26 p.m.5 views

CVE-2025-11571 Command Execution vulnerability in Simplicity Installer

Vulnerable endpoints accept user-controlled input through a URL in JSON format which enables command execution. The commands allowed to execute can open executables. However, the commands cannot pass parameters or arguments. To successfully execute this attack, the attacker needs to be on the sam...

2.1CVSS6AI score0.00443EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/24 4:26 p.m.4 views

CVE-2025-11571

Vulnerable endpoints accept user-controlled input through a URL in JSON format which enables command execution. The commands allowed to execute can open executables. However, the commands cannot pass parameters or arguments. To successfully execute this attack, the attacker needs to be on the sam...

2.1CVSS6AI score0.00443EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.8 views

PT-2026-27455

Vulnerable endpoints accept user-controlled input through a URL in JSON format which enables command execution. The commands allowed to execute can open executables. However, the commands cannot pass parameters or arguments. To successfully execute this attack, the attacker needs to be on the sam...

2.1CVSS6AI score0.00443EPSS
Exploits0References2
NVD
NVD
added 2026/03/19 6:16 p.m.3 views

CVE-2026-26933

Improper Validation of Array Index CWE-129 in multiple protocol parser components in Packetbeat can lead Denial of Service via Input Data Manipulation CAPEC-153. An attacker with the ability to send specially crafted, malformed network packets to a monitored network interface can trigger...

5.7CVSS0.00239EPSS
Exploits0References1
NVD
NVD
added 2026/03/17 10:16 p.m.6 views

CVE-2026-32838

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data...

8.7CVSS0.00142EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/17 9:42 p.m.4 views

CVE-2026-32838 Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Cleartext HTTP

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data...

8.7CVSS5.8AI score0.00142EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/17 9:42 p.m.19 views

CVE-2026-32838 Edimax GS-5008PL <= 1.00.54 Transmits Credentials Over Cleartext HTTP

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data...

8.7CVSS0.00142EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/10 4:44 p.m.32 views

CVE-2026-22627

A buffer copy without checking size of input 'classic buffer overflow' vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code or commands on the device via sending a crafted LLDP packet...

8.8CVSS0.00286EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 5:25 p.m.4 views

CVE-2026-24455

The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, exposing user credentials to passive interception by attackers on the same network...

7.5CVSS0.00242EPSS
Exploits0References2
Rows per page
Query Builder