|
171
|
- |
|
-
|
-
|
An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacke…
New
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2026-6242
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
172
|
- |
|
-
|
-
|
An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitizatio…
New
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2026-6241
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
173
|
- |
|
-
|
-
|
A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenti…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-6240
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
174
|
- |
|
-
|
-
|
A stack‑based
buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where
the device fails to properly validate the number of XML user nodes during
request processi…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-6239
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
175
|
- |
|
-
|
-
|
On Tapo
C520WS v2, restricted accounts (for example, hub users) are intended to execute
only a limited set of low‑sensitivity operations. Due to a logic flaw in the
device’s API authorization mechani…
New
|
CWE-287
Improper Authentication
|
CVE-2026-34123
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
176
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct Object Reference / Authorization Bypass leading to A…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-10038
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
177
|
3.8 |
LOW
Network
|
-
|
-
|
The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the delete_cancel_staging_si…
New
|
CWE-73
External Control of File Name or Path
|
CVE-2025-12656
|
2026-06-6 09:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
178
|
8.8 |
HIGH
Network
|
-
|
-
|
The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of `unserialize()` without…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7654
|
2026-06-6 08:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
179
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that a user is authorized to pe…
New
|
CWE-862
Missing Authorization
|
CVE-2026-7523
|
2026-06-6 08:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
180
|
- |
|
-
|
-
|
Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prio…
New
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2026-45409
|
2026-06-6 08:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
