Lucene search
+L

10 matches found

euvd
euvd
added 2026/07/09 7:22 a.m.7 views

EUVD-2026-42533

A Missing Authentication vulnerability was discovered in the SSH keys synchronization endpoint. An unauthenticated attacker can send a request to the SSH keys synchronization endpoint and obtain the list of users that have uploaded their public SSH keys, their groups, and the uploaded public SSH...

6.9CVSS6AI score0.00235EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/02/26 12:0 a.m.8 views

actual 安全漏洞

actual is a personal finance tool developed by Actual OpenSource. Versions prior to 26.2.1 of actual contained a security vulnerability. This vulnerability stemmed from the lack of verification of file ownership at the synchronization API endpoint, which could allow arbitrary user budget files to...

7.1CVSS5.9AI score0.00295EPSS
Exploits1References3
redhatcve
redhatcve
added 2026/02/11 7:44 p.m.5 views

CVE-2026-0653

On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration...

7.2CVSS5.8AI score0.00386EPSS
Exploits2References1
nvd
nvd
added 2026/02/10 6:16 p.m.10 views

CVE-2026-0653

On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration...

7.2CVSS0.00386EPSS
Exploits2References4
osv
osv
added 2026/02/10 6:16 p.m.4 views

CVE-2026-0653

On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration...

6.5CVSS5.8AI score0.00386EPSS
Exploits2References4
vulnrichment
vulnrichment
added 2026/02/10 5:27 p.m.9 views

CVE-2026-0653 Insecure Access Control on TP-Link Tapo D235 and C260

On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration...

7.2CVSS5.8AI score0.00386EPSS
Exploits2References4
cvelist
cvelist
added 2026/02/10 5:27 p.m.34 views

CVE-2026-0653 Insecure Access Control on TP-Link Tapo D235 and C260

On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration...

7.2CVSS0.00386EPSS
Exploits2References4
cve
cve
added 2026/02/10 5:27 p.m.30 views

CVE-2026-0653

CVE-2026-0653 affects TP-Link Tapo C260 v1 and D235 v1. A guest-level authenticated user can bypass access controls by sending crafted requests to a synchronization endpoint, enabling modification of protected device settings with limited privileges. Root cause: insufficient access control leadin...

7.2CVSS5.8AI score0.00386EPSS
Exploits2References4Affected Software1
ptsecurity
ptsecurity
added 2026/02/10 12:0 a.m.11 views

PT-2026-7324

Name of the Vulnerable Software and Affected Versions TP-Link Tapo C260 version 1 Description A guest-level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited...

7.2CVSS5.8AI score0.00386EPSS
Exploits2References8
cnnvd
cnnvd
added 2026/02/06 12:0 a.m.10 views

Trilium Notes 安全漏洞

Trilium Notes is a hierarchical note-taking application developed by Zadam, the individual developer of this project. It focuses on building large personal knowledge bases. Versions of Trilium Notes prior to 0.101.0 contained security vulnerabilities. These vulnerabilities stemmed from critical...

7.4CVSS5.8AI score0.00509EPSS
Exploits2References3
Rows per page
Query Builder