CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3202 matches found

CVE-2026-57877 GV-LPC2011/LPC2211 - unauthorized format string vulnerability (vlsvr)

An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled input during log message formatting in the login processing path. A remote attacker may exploit this...

8.6CVSS0.00247EPSS

Exploits0References1

EUVD•added 2026/06/16 10:16 a.m.•8 views

EUVD-2026-37062

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

8.6CVSS5.3AI score0.00472EPSS

Exploits0References1

Vulnrichment•added 2026/06/16 10:16 a.m.•6 views

CVE-2026-10828

6.9CVSS5.3AI score0.00472EPSS

Exploits0References1

CVE•added 2026/06/16 10:16 a.m.•17 views

CVE-2026-10828

The CVE-2026-10828 affects the NPort W2150A-W4/W2250A-W4 Serial Param config page, where the alias parameter is vulnerable to format-string handling due to insufficient input validation in version 1.5 and earlier. This can lead to memory disclosure and potential ASLR bypass. No exploitation detai...

6.9CVSS5.4AI score0.0031EPSS

Exploits0References1

Positive Technologies•added 2026/06/16 12:0 a.m.•10 views

PT-2026-49653

6.9CVSS5.3AI score0.0031EPSS

Exploits0References3

NVD•added 2026/06/13 9:16 p.m.•10 views

CVE-2026-12174

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has...

9CVSS0.00582EPSS

Exploits0References6

CVE•added 2026/06/13 8:15 p.m.•24 views

CVE-2026-12174

CVE-2026-12174 affects D-Link DCS-935L firmware 1.10.01. The vulnerability is in the HTTP Handler’s function snprintf used by /web/cgi-bin/greece/rhea, allowing format-string manipulation. This can enable a remote attacker to exploit the flaw; public exploits have been disclosed. The available do...

9CVSS7.6AI score0.00582EPSS

Exploits0References6Affected Software1

EUVD•added 2026/06/12 12:31 a.m.•7 views

EUVD-2026-36326

An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is interpreted as a format string, which can be used to manipulate stack memory, including control flow data such as return...

7CVSS5.7AI score0.00463EPSS

Exploits0References5

Cvelist•added 2026/06/11 8:46 p.m.•24 views

CVE-2026-6250 Authenticated Format String Injection on TP-Link Tapo C110

7CVSS0.00463EPSS

Exploits0References4

CNNVD•added 2026/06/11 12:0 a.m.•16 views

TP-Link Tapo C110 格式化字符串错误漏洞

The TP-Link Tapo C110 is an indoor network camera produced by TP-Link Corporation. The TP-Link Tapo C110 v2 has a vulnerability related to formatted string handling. This vulnerability stems from improper processing of user control inputs in the ONVIF service. It is possible for authenticated...

8.1CVSS5.3AI score0.00463EPSS

Exploits0References1

Positive Technologies•added 2026/06/11 12:0 a.m.•15 views

PT-2026-48786

Name of the Vulnerable Software and Affected Versions Tapo C110 v2 Description A format string injection exists in the ONVIF service due to improper handling of user-controlled input. Externally controlled data is interpreted as a format string, allowing for the manipulation of stack memory,...

8.1CVSS5.5AI score0.00463EPSS

Exploits0References8

RedhatCVE•added 2026/06/07 12:43 a.m.•10 views

CVE-2026-6241

An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifiers into ONVIF scope parameters to manipulate memory...

6.8CVSS5.5AI score0.00163EPSS

Exploits0References1

EUVD•added 2026/06/06 12:31 a.m.•10 views

EUVD-2026-34936

6.8CVSS5.5AI score0.00163EPSS

Exploits0References4

EUVD•added 2026/06/06 12:31 a.m.•11 views

EUVD-2026-34937

An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subscription requests or notification generation pa...

6.8CVSS5.5AI score0.00174EPSS

Exploits0References4

NVD•added 2026/06/06 12:16 a.m.•11 views

CVE-2026-6242

6.8CVSS0.00174EPSS

Exploits0References3

Vulnrichment•added 2026/06/05 11:52 p.m.•7 views

CVE-2026-6242 Authenticated Format String Vulnerability in ONVIF Subscribe Service on TP-Link Tapo C520WS

6.8CVSS5.5AI score0.00174EPSS

Exploits0References3

ATTACKERKB•added 2026/06/05 11:52 p.m.•8 views

CVE-2026-6241

6.8CVSS5.5AI score0.00163EPSS

Exploits0References4

RedhatCVE•added 2026/06/05 7:31 p.m.•10 views

CVE-2026-33448

CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files potentially revealing secrets...

4.8CVSS5.5AI score0.001EPSS

Exploits0References1

Positive Technologies•added 2026/06/05 12:0 a.m.•16 views

PT-2026-47079

6.8CVSS5.5AI score0.00174EPSS

Exploits0References4