CVE-2026-6239

A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of XML user nodes during request processing. An authenticated attacker can send a specially crafted ONVIF request containing an excessive...

CVE-2026-6239

A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of XML user nodes during request processing. An authenticated attacker can send a specially crafted ONVIF request containing an excessive...

CVE-2026-28782 Craft has a Permission Bypass and IDOR in Duplicate Entry Action

Craft is a content management system CMS. Prior to 5.9.0-beta.1 and 4.17.0-beta.1, the "Duplicate" entry action does not properly verify if the user has permission to perform this action on the specific target elements. Even with only "View Entries" permission where the "Duplicate" action is...

IDOR allowing to see other users' entries

Description The exporting entry functionality is vulnerable to an IDOR attack. Proof of Concept 1. Create a new entry as an existing user. Let's say the entry's id is 1. 1. Create a new user and login as them. 1. Go to http://localhost:8000/export/1.txt...

URL Bar Redirection

firefox is vulnerable url bar redirection. An attacker is able to intercept a user's entry into the address bar and redirect the user...

CVE-2005-1748

The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service...