CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added last week•23 views

CVE-2026-34126 Bluetooth Communication Uses Unencrypted Transmission During Initial Setup on TP-Link's Tapo L535E, P300 and D100C

7.3CVSS0.00007EPSS

ATTACKERKB•added last week•4 views

CVE-2026-34126

7.3CVSS5.8AI score0.00007EPSS

Exploits0References7

Vulnrichment•added last week•3 views

CVE-2026-34126 Bluetooth Communication Uses Unencrypted Transmission During Initial Setup on TP-Link's Tapo L535E, P300 and D100C

7.3CVSS5.8AI score0.00007EPSS

CVE•added last week•5 views

CVE-2026-34126

Summary: CVE-2026-34126 affects TP-Link Tapo devices (L535E v1.0/v3.0, P300 v1.0, D100C v1.0). During the initialization phase, Bluetooth communication is transmitted in cleartext without encryption. A nearby attacker could exploit this via Bluetooth sniffing or man-in-the-middle to eavesdrop on ...

7.5CVSS5.8AI score0.00007EPSS

Exploits0References6Affected Software1

CNNVD•added 2026/05/28 12:0 a.m.•9 views

TP-Link多款产品安全漏洞

TP-Link Tapo L535E are products of the TP-Link company from China. The TP-Link Tapo L535E is a smart color-adjustable LED bulb. The TP-Link Tapo P300 is a smart Wi-Fi multi-port plug-in device. The TP-Link Tapo D100C is a smart video doorbell with a wireless doorbell buzzer. Several TP-Link...

7.3CVSS5.9AI score0.00007EPSS

OSV•added 2026/05/26 6:25 p.m.•5 views

USN-8167-2 xdg-dbus-proxy vulnerability

USN-8167-1 fixed a vulnerability in xdg-dbus-proxy. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that xdg-dbus-proxy incorrectly handled eavesdropping in policy rules. A local attacker could possibly use this issue to intercept...

Ubuntu•added 2026/05/26 6:25 p.m.•11 views

Exploits0References2

USN-8167-2: xdg-dbus-proxy vulnerability

RedhatCVE•added 2026/05/18 2:57 p.m.•7 views

Exploits0

CVE-2026-33603

A flaw was found in Dovecot. An attacker, positioned as a Man-in-the-Middle MITM between Dovecot and a client, can exploit a specially crafted base64 exchange to fake SCRAM TLS channel binding. This allows the attacker to eavesdrop on communications between Dovecot and the client, leading to...

6.8CVSS5.7AI score0.00009EPSS

Exploits0References4

SUSE CVE•added 2026/05/13 3:38 a.m.•4 views

SUSE CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

EUVD•added 2026/05/12 3:31 p.m.•4 views

Exploits0References3

EUVD-2026-29468

NVD•added 2026/05/12 2:17 p.m.•3 views

Exploits0References2

CVE-2026-33603

6.8CVSS0.00009EPSS

Vulnrichment•added 2026/05/12 1:28 p.m.•6 views

CVE-2026-33603

Cvelist•added 2026/05/12 1:28 p.m.•20 views

CVE-2026-33603

6.8CVSS0.00009EPSS

AlpineLinux•added 2026/05/12 1:28 p.m.•5 views

CVE-2026-33603

NVD•added 2026/05/12 6:16 a.m.•6 views

CVE-2026-41872

"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application and the relevant server...

9.1CVSS0.0002EPSS

Exploits0References3

Cvelist•added 2026/05/12 5:21 a.m.•30 views

CVE-2026-41872

9.1CVSS0.0002EPSS

Exploits0References3

Positive Technologies•added 2026/05/12 12:0 a.m.•5 views

PT-2026-40025

Name of the Vulnerable Software and Affected Versions Dovecot versions prior to 2.4.4-1.1 Description An attacker positioned between Dovecot and the client connection can use a specially crafted base64 exchange to fake SCRAM TLS channel binding. This allows the attacker to act as a MITM...

RedhatCVE•added 2026/05/11 8:26 p.m.•4 views

Exploits0References21

CVE-2026-32683

Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video...

5.3CVSS5.8AI score0.00004EPSS

Exploits1References1

OSV•added 2026/05/09 12:30 p.m.•4 views

OESA-2026-2214 xdg-dbus-proxy security update

xdg-dbus-proxy is a filtering proxy for D-Bus connections. It was originally part of the flatpak project, but it has been broken out as a standalone module to facilitate using it in other contexts. Security Fixes: xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy...