Lucene search

9 matches found

CNNVD
added 2026/02/26 12:0 a.m., 3 views

actual security vulnerability

actual is a personal finance tool developed by Actual OpenSource. Versions prior to 26.2.1 of actual contained a security vulnerability. This vulnerability stemmed from the lack of verification of file ownership at the synchronization API endpoint, which could allow arbitrary user budget files to...

CVSS 7.1 | AI score 5.9 | EPSS 0.00039
Exploits: 1 | References: 3

RedhatCVE
added 2026/02/11 7:44 p.m., 1 views

CVE-2026-0653

On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration...

CVSS 7.2 | AI score 5.8 | EPSS 0.00065
Exploits: 1 | References: 1

OSV
added 2026/02/10 6:16 p.m., 0 views

CVE-2026-0653

On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration...

CVSS 6.5 | AI score 5.8
Exploits: 0 | References: 4

NVD
added 2026/02/10 6:16 p.m., 4 views

CVE-2026-0653

On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration...

CVSS 7.2 | EPSS 0.00065
Exploits: 1 | References: 4

CVE
added 2026/02/10 5:27 p.m., 8 views

CVE-2026-0653

CVE-2026-0653 affects TP-Link Tapo C260 v1 and D235 v1. A guest-level authenticated user can bypass access controls by sending crafted requests to a synchronization endpoint, enabling modification of protected device settings with limited privileges. Root cause: insufficient access control leadin...

CVSS 7.2 | AI score 5.8 | EPSS 0.00065
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2026/02/10 5:27 p.m., 23 views

CVE-2026-0653 Insecure Access Control on TP-Link Tapo D235 and C260

On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration...

CVSS 7.2 | EPSS 0.00065
Exploits: 1 | References: 4

Vulnrichment
added 2026/02/10 5:27 p.m., 4 views

CVE-2026-0653 Insecure Access Control on TP-Link Tapo D235 and C260

On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration...

CVSS 7.2 | AI score 5.8 | EPSS 0.00065
Exploits: 1 | References: 4

Positive Technologies
added 2026/02/10 12:0 a.m., 5 views

PT-2026-7324

Name of the Vulnerable Software and Affected Versions: TP-Link Tapo C260 version 1. Description: A guest-level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited...

CVSS 7.2 | AI score 5.8 | EPSS 0.00065
Exploits: 1 | References: 8

CNNVD
added 2026/02/06 12:0 a.m., 2 views

Trilium Notes security vulnerability

Trilium Notes is a hierarchical note-taking application developed by Zadam, the individual developer of this project. It focuses on building large personal knowledge bases. Versions of Trilium Notes prior to 0.101.0 contained security vulnerabilities. These vulnerabilities stemmed from critical...

CVSS 7.4 | AI score 5.8 | EPSS 0.00034
Exploits: 2 | References: 3