CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

351 matches found

EUVD-2026-33978

TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to...

7.1CVSS6.1AI score0.00035EPSS

Exploits0References4

Cvelist•added 2 days ago•29 views

CVE-2026-1871 Authenticated Stack-based Buffer Overflow in RTSP Authentication of Tapo C200

7.1CVSS0.00035EPSS

Exploits0References4

ATTACKERKB•added 2 days ago•2 views

CVE-2026-1871

7.1CVSS6.1AI score0.00035EPSS

Exploits0References5

Vulnrichment•added 2 days ago•4 views

CVE-2026-1871 Authenticated Stack-based Buffer Overflow in RTSP Authentication of Tapo C200

7.1CVSS6.1AI score0.00035EPSS

Exploits0References4

CVE•added 2 days ago•4 views

CVE-2026-1871

CVE-2026-1871 affects TP-Link Tapo C200 v5. The issue is a stack-based buffer overflow in the RTSP authentication handling caused by improper validation of Authorization header lengths. Exploitation triggers a crash of the RTSP core service and an automatic system reboot, resulting in a DoS that ...

7.1CVSS6.1AI score0.00035EPSS

Exploits0References4

Positive Technologies•added 2 days ago•3 views

PT-2026-45796

7.1CVSS6.1AI score0.00035EPSS

Exploits0References5

NVD•added last week•3 views

CVE-2026-34126

TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext without encryption. Bluetooth is only used during initialization. An attacker within the Bluetooth rang...

7.5CVSS0.00007EPSS

Exploits0References6

EUVD•added last week•6 views

EUVD-2026-32969

7.3CVSS5.8AI score0.00007EPSS

Exploits0References6

Cvelist•added last week•23 views

CVE-2026-34126 Bluetooth Communication Uses Unencrypted Transmission During Initial Setup on TP-Link's Tapo L535E, P300 and D100C

7.3CVSS0.00007EPSS

Exploits0References6

ATTACKERKB•added last week•4 views

CVE-2026-34126

7.3CVSS5.8AI score0.00007EPSS

Exploits0References7

Vulnrichment•added last week•3 views

CVE-2026-34126 Bluetooth Communication Uses Unencrypted Transmission During Initial Setup on TP-Link's Tapo L535E, P300 and D100C

7.3CVSS5.8AI score0.00007EPSS

Exploits0References6

CVE•added last week•5 views

CVE-2026-34126

Summary: CVE-2026-34126 affects TP-Link Tapo devices (L535E v1.0/v3.0, P300 v1.0, D100C v1.0). During the initialization phase, Bluetooth communication is transmitted in cleartext without encryption. A nearby attacker could exploit this via Bluetooth sniffing or man-in-the-middle to eavesdrop on ...

7.5CVSS5.8AI score0.00007EPSS

Exploits0References6Affected Software1

Positive Technologies•added 2026/05/28 12:0 a.m.•3 views

PT-2026-44456

7.3CVSS5.8AI score0.00007EPSS

Exploits0References7

CNNVD•added 2026/05/28 12:0 a.m.•9 views

TP-Link多款产品安全漏洞

TP-Link Tapo L535E are products of the TP-Link company from China. The TP-Link Tapo L535E is a smart color-adjustable LED bulb. The TP-Link Tapo P300 is a smart Wi-Fi multi-port plug-in device. The TP-Link Tapo D100C is a smart video doorbell with a wireless doorbell buzzer. Several TP-Link...

7.3CVSS5.9AI score0.00007EPSS

Exploits0References6

RedhatCVE•added 2026/04/03 11:2 p.m.•0 views

CVE-2026-34118

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary validation when handling externally supplied HTTP input. An...

7.1CVSS6.2AI score0.00025EPSS

Exploits0References1

RedhatCVE•added 2026/04/03 11:1 p.m.•1 views

CVE-2026-34121

An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during authentication check. An unauthenticated attacker can append an...

8.8CVSS6AI score0.00123EPSS

Exploits0References1

RedhatCVE•added 2026/04/03 11:1 p.m.•1 views

CVE-2026-34120

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs.An attacker on the same network segment could...

7.1CVSS6.2AI score0.00025EPSS

Exploits0References1

RedhatCVE•added 2026/04/03 11:1 p.m.•3 views

CVE-2026-34124

A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent...

7.1CVSS6.2AI score0.00031EPSS

Exploits0References1

RedhatCVE•added 2026/04/03 11:1 p.m.•0 views

CVE-2026-34119

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous write‑boundary verification, due to insufficient boundary validation when handling externally supplied HTTP input. An...

7.1CVSS6.2AI score0.00025EPSS

Exploits0References1

Positive Technologies•added 2026/04/03 12:0 a.m.•1 views

PT-2026-30216

⚠️ Vulnerability Alert: Multiple Buffer Overflow and Auth Bypass Vulnerabilities in TP-Link Tapo C520WS CVE-2026-34118 through CVE-2026-34124 📅 Timeline: Disclosure: 2026-04-02; Patch: Not stated 🆔 CVE-2026-34118 | 📊 CVSS: 7.1 HIGH 🟠 🆔 CVE-2026-34119 | 📊 CVSS: 7.1 HIGH 🟠 🆔 CVE-2026-34120 | 📊 CVSS:...

8.7CVSS6.7AI score0.00123EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by