[SECURITY] Fedora 43 Update: miniupnpd-2.3.10-1.fc43

The MiniUPnP daemon is an UPnP IGD & PCP/NAT-PMP daemon for gateway routers. UPnP IGD & PCP/NAT-PMP are used to improve internet connectivity for devices behind a NAT router. Any peer to peer network application such as games, IM, etc. can benefit from a NAT router supporting UPnP IGD & PCP/NAT-P...

CVE-2026-35903

MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP service. After successful Digest authentication in an initial DESCRIBE request, the device does not verify the Digest response parameter in subsequent RTSP requests within the sa...

freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...

freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...

CVE-2026-32214

Improper access control in Universal Plug and Play upnp.dll allows an authorized attacker to disclose information locally...

CVE-2026-27925

Use after free in Windows Universal Plug and Play UPnP Device Host allows an unauthorized attacker to disclose information over an adjacent network...

CVE-2026-32156

Use after free in Windows Universal Plug and Play UPnP Device Host allows an unauthorized attacker to execute code locally...

CVE-2026-32077

Untrusted pointer dereference in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...

CVE-2026-32075

Use after free in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...

CVE-2026-27920

Untrusted pointer dereference in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...

CVE-2026-27915

Use after free in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...

CVE-2026-27916

Use after free in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...

CVE-2026-22565

An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation: Update UniFi Play...

EUVD-2026-22595

Improper access control in Universal Plug and Play upnp.dll allows an authorized attacker to disclose information locally...

EUVD-2026-22593

Improper link resolution before file access 'link following' in Universal Plug and Play upnp.dll allows an authorized attacker to disclose information locally...

EUVD-2026-22544

Use after free in Windows Universal Plug and Play UPnP Device Host allows an unauthorized attacker to execute code locally...

EUVD-2026-22466

Untrusted pointer dereference in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...

EUVD-2026-22507

Untrusted pointer dereference in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...

EUVD-2026-22503

Use after free in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...

EUVD-2026-22463

Untrusted pointer dereference in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...