Lucene search
K

9080 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 9:1 p.m.8 views

CVE-2026-45599

Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...

8.1CVSS5.7AI score0.0052EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.15 views

CVE-2026-45635

Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...

8.1CVSS0.0052EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.10 views

CVE-2026-45599

Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...

8.1CVSS0.0052EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 5:5 p.m.7 views

CVE-2026-45635 Windows UPnP Device Host Remote Code Execution Vulnerability

...

8.1CVSS5.4AI score0.0052EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 5:5 p.m.45 views

CVE-2026-45635

CVE-2026-45635 affects Windows UPnP Device Host through a use-after-free in upnp.dll, enabling remote code execution over the network. The issue is tied to the Universal Plug and Play component, with impact described as remote, unauthenticated code execution; CVSSv3.1 base score 8.1 (HIGH). Affec...

8.1CVSS5.7AI score0.0052EPSS
Exploits0References1Affected Software13
EUVD
EUVD
added 2026/06/09 5:5 p.m.11 views

EUVD-2026-35563

Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...

8.1CVSS5.7AI score0.0052EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 5:5 p.m.35 views

CVE-2026-45599 Windows UPnP Device Host Remote Code Execution Vulnerability

...

8.1CVSS0.0052EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 5:5 p.m.12 views

EUVD-2026-35556

Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...

8.1CVSS5.7AI score0.0052EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 5:5 p.m.28 views

CVE-2026-45599

The CVE-2026-45599 entry describes a use-after-free in Windows’ Universal Plug and Play component (upnp.dll) that enables a remote attacker to execute code over the network via the UPnP Device Host. The vulnerability is rated CVSSv3.1: 8.1 (HIGH) with Network attack vector, no privileges required...

8.1CVSS5.7AI score0.0052EPSS
Exploits0References1Affected Software13
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.9 views

Windows UPnP Device Host Remote Code Execution Vulnerability

Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...

8.1CVSS5.7AI score0.0052EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-47988

Name of the Vulnerable Software and Affected Versions Universal Plug and Play affected versions not specified Description A use after free issue in the Universal Plug and Play component upnp.dll allows an unauthorized remote attacker to execute arbitrary code and affect the system over a network...

8.1CVSS5.9AI score0.0052EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-36611

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 returns 128 bytes of uninitialized buffer when receiving POST requests without SOAPAction header on UPnP port 1900, exposing internal memory to unauthenticated adjacent network attackers...

7.3CVSS5.7AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.9 views

CVE-2026-36608

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP 192.168.1.1 or localhost 127.0.0.1 as InternalClient. An unauthenticated LAN attacker can expose the admin panel to the intern...

8.8CVSS5.5AI score0.00181EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-22566

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation: Update UniFi Play...

7.5CVSS5.5AI score0.00361EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.6 views

CVE-2026-22564

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation:...

9.8CVSS5.5AI score0.0042EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.7 views

CVE-2026-22562

A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution RCE. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Por...

9.8CVSS6.3AI score0.00774EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.9 views

CVE-2026-22563

A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation: Update UniFi Play PowerA...

9.8CVSS5.5AI score0.01051EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 6:16 p.m.11 views

CVE-2026-36608

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 allows UPnP AddPortMapping to forward external ports to the router's own admin interface by accepting its own IP 192.168.1.1 or localhost 127.0.0.1 as InternalClient. An unauthenticated LAN attacker can expose the admin panel to the intern...

8.8CVSS0.00181EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 6:16 p.m.14 views

CVE-2026-36603

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN device to create arbitrary...

8.1CVSS0.00211EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 12:0 a.m.13 views

CVE-2026-36603

Mercusys AC12G (EU) V1 router (firmware AC12G(EU)_V1_200909) is affected by a UPnP IGD issue: 15 of 18 UPnP actions are exposed without authentication on port 1900, with UPnP enabled by default via the admin interface. This allows any unauthenticated LAN device to create arbitrary port forwarding...

8.1CVSS5.9AI score0.00211EPSS
Exploits0References1
Rows per page
Query Builder