CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 3 hours ago•3 views

EUVD-2026-34934

A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of XML user nodes during request processing. An authenticated attacker can send a specially crafted ONVIF request containing an excessive...

EUVD•added 3 hours ago•3 views

EUVD-2026-34936

An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifiers into ONVIF scope parameters to manipulate memory...

EUVD•added 3 hours ago•3 views

EUVD-2026-34935

A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious request containing an excessive number of identifiers ...

6.8CVSS5.9AI score

NVD•added 3 hours ago•4 views

CVE-2026-6241

6.8CVSS

NVD•added 3 hours ago•4 views

CVE-2026-6240

6.8CVSS

NVD•added 3 hours ago•3 views

CVE-2026-6239

6.8CVSS

ATTACKERKB•added yesterday•4 views

CVE-2026-6241

CVE•added yesterday•10 views

CVE-2026-6241

An authenticated format-string vulnerability affects TP-Link Tapo C520WS v2 (ONVIF AddScopes). User-controlled input is passed to formatting functions without proper sanitization, enabling injection of format specifiers that can manipulate memory handling. Exploitation may cause the ONVIF managem...

ATTACKERKB•added yesterday•4 views

CVE-2026-6240

6.8CVSS5.9AI score

CVE•added yesterday•7 views

CVE-2026-6240

CVE-2026-6240 affects Tapo C520WS v2. A stack-based overflow in the ONVIF DeleteUsers service occurs when handling an excessive number of user identifiers, due to insufficient boundary checks. An authenticated attacker can send a crafted request, potentially causing a service crash or deadlock th...

6.8CVSS5.9AI score

ATTACKERKB•added yesterday•4 views

CVE-2026-6239

CVE•added yesterday•9 views

CVE-2026-6239

Summary: A stack-based buffer overflow affects TP-Link Tapo C520WS v2 in the ONVIF CreateUsers service. The issue arises from improper validation of the number of XML user nodes during request processing. An authenticated attacker can submit a crafted ONVIF request with an excessive number of use...

NVD•added yesterday•4 views

CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS

Cvelist•added yesterday•9 views

CVE-2026-45409 Internationalized Domain Names in Applications (IDNA): Specially crafted inputs to idna.encode() can bypass CVE-2024-3651 fix

6.9CVSS

ATTACKERKB•added yesterday•3 views

CVE-2026-45409

7.5CVSS6.6AI score0.00689EPSS

Exploits1References2Affected Software1

CVE•added yesterday•6 views

CVE-2026-45409

CVE-2026-45409 affects Python’s IDNA handling (idna.encode) in Python-idna. A specially crafted input could cause heavy resource consumption and potential DoS. The issue mirrors CVE-2024-3651; fixes were extended in 3.14–3.15 to reject long inputs earlier and more broadly (per-label conversions a...

6.9CVSS6.3AI score

EUVD•added yesterday•3 views

EUVD-2026-34921

7.5CVSS5.4AI score0.00689EPSS

Exploits1References1

OSV•added yesterday•2 views

GHSA-5X67-J5XG-C5GJ Bugsink: DOS using large numbers of event tags

Summary In affected versions, Bugsink stores every tag supplied with an incoming event. An event with an unusually large number of custom i.e. supplied by an attacker tags can therefore make ingestion spend more time than intended writing tag rows. Bugsink uses a single-writer database...

4.3CVSS5.5AI score