CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/01/27 6:15 p.m.•3 views

CVE-2026-1315

7.5CVSS5.8AI score0.00252EPSS

Cvelist•added 2026/01/27 5:53 p.m.•20 views

CVE-2026-1315 Unauthenticated Denial of Service via Firmware Update Endpoint on TP-Link Tapo C220 & C520WS

7.1CVSS0.00252EPSS

CVE•added 2026/01/27 5:53 p.m.•7 views

CVE-2026-1315

The CVE-2026-1315 issue affects TP-Link Tapo C220 v1 and C520WS v2. An unauthenticated attacker can cause a persistent denial of service by sending crafted files to the firmware update endpoint, which terminates core system services before authentication or firmware integrity checks. This leads t...

7.5CVSS5.9AI score0.00252EPSS

Exploits0References5Affected Software1

Vulnrichment•added 2026/01/27 5:53 p.m.•5 views

CVE-2026-1315 Unauthenticated Denial of Service via Firmware Update Endpoint on TP-Link Tapo C220 & C520WS

7.1CVSS5.9AI score0.00252EPSS

ATTACKERKB•added 2026/01/27 5:53 p.m.•3 views

CVE-2026-1315

7.1CVSS5.9AI score0.00252EPSS

Cvelist•added 2026/01/27 5:52 p.m.•18 views

CVE-2026-0919 Unauthenticated Denial of Service via Oversized URL in HTTP Parser on TP-Link Tapo C210, C220 & C520WS

The HTTP parser of Tapo C210 v3, C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An unauthenticated attacker can...

7.1CVSS0.0029EPSS

CVE•added 2026/01/27 5:52 p.m.•7 views

CVE-2026-0919

The CVE-2026-0919 issue concerns TP-Link Tapo C220 v1 and C520WS v2 cameras whose HTTP parser mishandles requests with an excessively long URL path. The error path continues into cleanup code that assumes allocated buffers exist, causing a crash and device reboot. An unauthenticated attacker can ...

7.5CVSS5.4AI score0.0029EPSS

Exploits0References7Affected Software1

EUVD•added 2026/01/27 5:52 p.m.•3 views

EUVD-2026-4791

The HTTP parser of Tapo C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An unauthenticated attacker can force...

7.1CVSS6AI score0.0029EPSS

ATTACKERKB•added 2026/01/27 5:52 p.m.•3 views

CVE-2026-0919

7.5CVSS5.4AI score0.0029EPSS

Exploits0References8

Vulnrichment•added 2026/01/27 5:52 p.m.•4 views

CVE-2026-0918 Null Pointer Dereference in Tapo SmartCam HTTP Service on TP-Link Tapo C220 & C520WS

The Tapo C100 v5, C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An unauthenticated...

7.1CVSS5.3AI score0.00059EPSS

Cvelist•added 2026/01/27 5:52 p.m.•19 views

CVE-2026-0918 Null Pointer Dereference in Tapo SmartCam HTTP Service on TP-Link Tapo C220 & C520WS

7.1CVSS0.00059EPSS

ATTACKERKB•added 2026/01/27 5:52 p.m.•2 views

CVE-2026-0918

The Tapo C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers a NULL pointer dereference, causing the main service process to crash. An unauthenticated attacker can...

7.1CVSS5.9AI score0.00059EPSS

EUVD•added 2026/01/27 5:52 p.m.•3 views

EUVD-2026-4792

7.1CVSS5.9AI score0.00059EPSS

CVE•added 2026/01/27 5:52 p.m.•8 views

CVE-2026-0918

CVE-2026-0918 affects TP-Link Tapo C220 v1 and C520WS v2 cameras. The HTTP service mishandles POST requests with an excessively large Content-Length header, causing a failed memory allocation and a NULL pointer dereference that crashes the main process. This allows an unauthenticated attacker to ...

7.5CVSS5.3AI score0.00059EPSS

Exploits0References7Affected Software1

Positive Technologies•added 2026/01/27 12:0 a.m.•4 views

PT-2026-4989

Name of the Vulnerable Software and Affected Versions Tapo C220 version 1 Tapo C520WS version 2 Description Sending specially crafted files to the firmware update endpoint can cause the device to terminate core system services before authentication or firmware integrity is verified. This allows a...

7.5CVSS5.8AI score0.00252EPSS

Exploits0References9

CNNVD•added 2026/01/27 12:0 a.m.•1 views

TP-Link Tapo C220 and TP-Link Tapo C520WS have security vulnerabilities

Both the TP-Link Tapo C220 and TP-Link Tapo C520WS are WiFi cameras produced by the Chinese company TP-Link. The TP-Link Tapo C220 v1 and TP-Link Tapo C520WS v2 have security vulnerabilities. These vulnerabilities stem from the fact that firmware updates terminate core services without verifying...

7.5CVSS5.8AI score0.00252EPSS

CNNVD•added 2026/01/27 12:0 a.m.•1 views

TP-Link Tapo C220 and TP-Link Tapo C520WS have security vulnerabilities

Both the TP-Link Tapo C220 and TP-Link Tapo C520WS are WiFi cameras produced by the Chinese company TP-Link. There are security vulnerabilities in the TP-Link Tapo C220 v1 version and the TP-Link Tapo C520WS v2 version. These vulnerabilities stem from the HTTP parser’s improper handling of reques...

7.5CVSS5.8AI score0.0029EPSS

CNNVD•added 2026/01/27 12:0 a.m.•1 views

TP-Link Tapo C220 and TP-Link Tapo C520WS have security vulnerabilities

Both the TP-Link Tapo C220 and the TP-Link Tapo C520WS are WiFi cameras produced by the Chinese company TP-Link. There are security vulnerabilities in the TP-Link Tapo C220 v1 version and the TP-Link Tapo C520WS v2 version. These vulnerabilities stem from the HTTP service improperly handling POST...

7.5CVSS5.8AI score0.00059EPSS