The CRAC Learning team is back with another CVE as part of the Smart Home Security Research Program. An unauthenticated configuration issue in the connectAP API of the TP-Link Tapo C100 v5 IP camera. The bug allows a local attacker on the same network segment to submit unauthorized Wi-Fi reconfiguration requests to the device, forcing the camera to connect to an attacker-controlled network and causing service denial, stream loss, and a broader confidentiality impact. TP-Link assigned us this...

CVSS: 10.0 (Critical) Software Affected: Microsoft Azure Cloud Shell Vulnerable Versions: Azure Cloud Shell service (specific versions not publicly listed; cloud service vulnerability) Fixed Versions: Vendor-side mitigation applied by Microsoft (service-level patching expected) Environments Impacted: Cloud environments using Azure Cloud Shell DevOps and cloud administration environments Enterprise Azure infrastructure management workflows Systems relying on browser-based cloud...

CVE-2026-28292 : simple-git Remote Code Execution Vulnerability CVSS: 9.8 Critical Affected Versions Software Affected: simple-git (Node.js Git wrapper library) Vulnerable Versions: simple-git 3.15.0 – 3.32.2 Fixed Versions: simple-git 3.32.3 or later Environments Impacted: Node.js applications using the simple-git library Backend services performing Git operations programmatically CI/CD automation tools using simple-git Cloud applications handling repository operations with user-supplied...