Lucene search
K

14 matches found

Vulnrichment
Vulnrichment
added 2026/04/02 5:20 p.m.1 views

CVE-2026-34124 Denial of Service via Path Expansion Overflow in HTTP Service in TP-Link Tapo C520WS

A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent...

7.1CVSS6.2AI score0.00296EPSS
Exploits0References3
CVE
CVE
added 2026/04/02 5:19 p.m.24 views

CVE-2026-34119

CVE-2026-34119 — TP-Link Tapo C520WS (v2.6) shows a heap-based buffer overflow in the HTTP parsing loop when appending segmented request bodies, due to insufficient boundary validation for externally supplied HTTP input. The issue can allow heap memory corruption on the device when an attacker on...

7.1CVSS6.1AI score0.00228EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.8 views

TP-Link Tapo C520WS 安全漏洞

The TP-Link Tapo C520WS is a WiFi camera produced by TP-Link Corporation. The TP-Link Tapo C520WS v2.6 version has a security vulnerability. This vulnerability stems from inconsistencies in the JSON request parsing and authorization logic during the authentication check in the DS configuration...

8.8CVSS6AI score0.00447EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/09 12:0 a.m.7 views

RHEL 8 : git-lfs (RHSA-2026:3973)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3973 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while...

7.5CVSS5.9AI score0.01945EPSS
Exploits2References6
OSV
OSV
added 2026/02/27 8:52 a.m.2 views

OPENSUSE-SU-2026:20283-1 Security update for libsoup2

This update for libsoup2 fixes the following issues: - CVE-2026-1761: incorrect length calculation when parsing of multipart HTTP responses can lead to a stack-based buffer overflow bsc1257598...

8.6CVSS6AI score0.00947EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.13 views

PT-2026-21592

Name of the Vulnerable Software and Affected Versions free5gc UDM versions up to and including 1.4.1 Description free5gc UDM provides Unified Data Management for free5GC, an open-source 5G mobile core network project. Remote attackers can inject control characters, such as %00, into the supi...

8.7CVSS5.8AI score0.00506EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2025/02/26 12:0 a.m.8 views

PT-2025-68: Stack-based buffer overflow during HTTP boundary-content parsing in LCD KVM over IP switch CL5708IM

The vulnerability was identified in LCD KVM over IP switch CL5708IM firmware version v2.2.215. The discovered vulnerability allows an attacker to achieve remote code execution or a denial‑of‑service condition. It is triggered by a stack‑based buffer overflow when parsing multipart boundary tags,...

10CVSS6.7AI score0.01424EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/04/19 12:0 a.m.8 views

The vulnerability of the LibHTP library, related to unlimited resource distribution, allows attackers to cause service failures.

The vulnerability of the LibHTP library is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...

7.8CVSS7.2AI score0.00841EPSS
Exploits0References5Affected Software2
RedHat Linux
RedHat Linux
added 2022/04/29 1:8 p.m.3 views

python-twisted: possible http request smuggling

A flaw was found in python-twisted. This vulnerability occurs due to the parsing of illegal constructs in the twisted.web.http module. The illegal constructs include '+/-' in the Content-Length header, '\n and \t' etc. Non-conformant parsing leads to a desync if requests pass through multiple HTT...

8.1CVSS7.3AI score0.028EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/04/29 8:16 a.m.3 views

python-twisted: possible http request smuggling

A flaw was found in python-twisted. This vulnerability occurs due to the parsing of illegal constructs in the twisted.web.http module. The illegal constructs include '+/-' in the Content-Length header, '\n and \t' etc. Non-conformant parsing leads to a desync if requests pass through multiple HTT...

8.1CVSS7.3AI score0.028EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/06/02 12:0 a.m.5 views

OpenText Brava! 缓冲区错误漏洞

OpenText Brava! Desktop is a Windows-based viewing and collaboration tool that lets you easily view and collaborate on almost any file. An out-of-bounds write vulnerability exists in the parsing of DWF files in OpenText Brava! Desktop. The vulnerability stems from a lack of proper validation of...

7.8CVSS5.9AI score0.01419EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/09/17 1:7 p.m.6 views

jetty: HTTP request smuggling

In Eclipse Jetty, versions 9.2.x and older, 9.3.x all configurations, and 9.4.x non-default configuration with RFC2616 compliance enabled, transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a...

9.8CVSS7.3AI score0.16154EPSS
Exploits0References4
OSV
OSV
added 2018/10/01 8:29 a.m.4 views

CVE-2018-17846

The html package aka x/net/html through 2018-09-25 in Go mishandles , leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification...

7.5CVSS5.8AI score
Exploits0References3
OSV
OSV
added 2016/11/17 12:0 a.m.5 views

UBUNTU-CVE-2016-5292

During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox 50...

6.5CVSS6.9AI score0.01509EPSS
Exploits0References4
Rows per page
Query Builder