Overview
- Ivanti
- Endpoint Manager Mobile
29 Jan 2026
Published
26 Feb 2026
Updated
CVSS v3.1
CRITICAL (9.8)
EPSS
50.87%
KEV
Description
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Statistics
- 1 Post
Last activity: 10 hours ago
Overview
- TP-Link Systems Inc.
- Tapo C260 v1
10 Feb 2026
Published
11 Feb 2026
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.16%
KEV
Description
On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. An authenticated attacker can execute arbitrary system commands with high impact on confidentiality, integrity and availability. It may cause full device compromise.
Statistics
- 1 Post
Last activity: 10 hours ago
Overview
- TP-Link Systems Inc.
- Tapo C260 v1
10 Feb 2026
Published
11 Feb 2026
Updated
CVSS v4.0
MEDIUM (5.3)
EPSS
0.08%
KEV
Description
On TP-Link Tapo C260 v1, path traversal is possible due to improper handling of specific GET request paths via https, allowing local unauthenticated probing of filesystem paths. An attacker on the local network can determine whether certain files exists on the device, with no read, write or code execution possibilities.
Statistics
- 1 Post
Last activity: 10 hours ago
Overview
- TP-Link Systems Inc.
- Tapo C260 v1
10 Feb 2026
Published
11 Feb 2026
Updated
CVSS v4.0
HIGH (7.2)
EPSS
0.05%
KEV
Description
On TP-Link Tapo C260 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration parameters without authorization, resulting in unauthorized device state manipulation but not full code execution.
Statistics
- 1 Post
Last activity: 10 hours ago