CVE-2026-1457

An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges...

Exploit for CVE-2026-1457

CVE-2026-1457: TP-Link VIGI C385 Authenticated Remote Code Exe...

CVE-2026-1457

An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges...

CVE-2026-1457

An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges...

CVE-2026-1457 Authenticated RCE Vulnerability Due to Buffer Overflow on TP-Link VIGI C385

An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges...

CVE-2026-1457

CVE-2026-1457 is an authenticated buffer-overflow vulnerability in the TP-Link VIGI C385 V1 Web API (input sanitization flaw) that can cause memory corruption and allow remote code execution with elevated privileges. Affected product: TP-Link VIGI C385 V1. Impact: authenticated attackers may exec...

CVE-2026-1457 Authenticated RCE Vulnerability Due to Buffer Overflow on TP-Link VIGI C385

An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges...

EUVD-2026-4967

An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges...

TP-Link VIGI C385 security vulnerabilities

The TP-Link VIGI C385 is a surveillance camera produced by the TP-Link company. The TP-Link VIGI C385 V1 version has a security vulnerability. This vulnerability stems from buffer handling defects in the Web API, along with insufficient input cleaning, which may lead to memory corruption and remo...

CVE-2016-15057

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installations REST API can use this to invoke arbitrary commands on the...

CVE-2016-15057

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installations REST API can use this to invoke arbitrary commands on the...

WordPress LearnPress - WordPress LMS Plugin plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API vulnerability

WordPress LearnPress - WordPress LMS Plugin plugin = 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API vulnerability discovered by andrea bocchetti in WordPress Plugin LearnPress versions = 4.3.2.4...

Synology DiskStation Manager Cross-Site Request Forgery (CVE-2024-45538)

Cross-Site Request Forgery CSRF vulnerability in WebAPI Framework in Synology DiskStation Manager DSM before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors. This plugin only works wit...

Synology DiskStation Manager Improper Control of Dynamically-Managed Code Resources (CVE-2024-5401)

Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager DSM before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...

Missing Authentication for Critical Function

Overview @mcpjam/inspector is a MCPJam Inspector Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the connect route in the HTTP API. An attacker can execute arbitrary commands on the host system by sending a crafted HTTP request containing...

CVE-2026-0717

The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the /wp-json/lottiefiles/v1/settings/ REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site...

CVE-2020-12021

In OSIsoft PI Web API 2019 Patch 1 1.12.0.6346 and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code...

CVE-2024-39873

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force...

CVE-2019-16243

On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocumented web API that allows unprivileged JavaScript, including JavaScript running within the KaiOS browser, to view and edit the device's firmware over-the-air update settings. This web API is normally used by the system application...

CVE-2025-14059

CVE-2025-14059 : EmailKit – Email Customizer for WooCommerce & WP suffers Arbitrary File Read via Path Traversal in create_template REST endpoint. Authenticated attackers with Author+ permissions can craft input through the emailkit-editor-template parameter, whose value is passed to file_get_con...