VYPR
Vendor

Tasmota

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2026-38427HigMay 27, 2026
    risk 0.47cvss 7.3epss 0.00

    An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffer overflow. The Content-Length from a JPEG stream is stored in a uint16_t variable; values above 65535 wrap around, causing allocation of a smaller buffer than…

  • CVE-2026-38426HigMay 27, 2026
    risk 0.47cvss 7.3epss 0.01

    Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the xdrv_10_scripter.ino, fetch_jpg(), jpg_task.boundary[40], strcpy() function.

  • CVE-2026-38422HigMay 27, 2026
    risk 0.47cvss 7.3epss 0.01

    Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the tasmota/tasmota_xdrv_driver/xdrv_10_scripter.ino, fetch_jpg() function.

  • CVE-2021-36603MedJan 9, 2023
    risk 0.40cvss 6.1epss 0.01

    Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript code via a crafted string in the field "Friendly Name 1".

  • CVE-2022-43294CriNov 14, 2022
    risk 0.00cvss 9.8epss 0.01

    Tasmota before commit 066878da4d4762a9b6cb169fdf353e804d735cfd was discovered to contain a stack overflow via the ClientPortPtr parameter at lib/libesp32/rtsp/CRtspSession.cpp.