9101 matches found
RHEL 10 : podman (RHSA-2026:18289)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18289 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...
Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss. The 28 apps hav...
pupnp 安全漏洞
Pupnp is an open-source application developed by the Portable SDK for UPnP Devices. It’s a portable SDK for UPnP devices. Versions of Pupnp prior to 1.18.5 contained security vulnerabilities. These vulnerabilities were caused by the atoi function used in parseuri, which led to port truncation and...
GHSA-QFF7-Q5FM-8P76 AzuraCast has Missing Permissions Check on Media File Download, Allowing Cross-Station Data Exfiltration
Summary The GET /api/station/stationid/file/id/play endpoint, handled by PlayAction, is missing the Middleware\Permissions check that protects all sibling routes in the same /file/id route group. Any authenticated user can download media files from any station, regardless of whether they have...
AzuraCast has Missing Permissions Check on Media File Download, Allowing Cross-Station Data Exfiltration
Summary The GET /api/station/stationid/file/id/play endpoint, handled by PlayAction, is missing the Middleware\Permissions check that protects all sibling routes in the same /file/id route group. Any authenticated user can download media files from any station, regardless of whether they have...
[SECURITY] Fedora 42 Update: miniupnpd-2.3.10-1.fc42
The MiniUPnP daemon is an UPnP IGD & PCP/NAT-PMP daemon for gateway routers. UPnP IGD & PCP/NAT-PMP are used to improve internet connectivity for devices behind a NAT router. Any peer to peer network application such as games, IM, etc. can benefit from a NAT router supporting UPnP IGD & PCP/NAT-P...
[SECURITY] Fedora 43 Update: miniupnpd-2.3.10-1.fc43
The MiniUPnP daemon is an UPnP IGD & PCP/NAT-PMP daemon for gateway routers. UPnP IGD & PCP/NAT-PMP are used to improve internet connectivity for devices behind a NAT router. Any peer to peer network application such as games, IM, etc. can benefit from a NAT router supporting UPnP IGD & PCP/NAT-P...
CVE-2026-35903
MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP service. After successful Digest authentication in an initial DESCRIBE request, the device does not verify the Digest response parameter in subsequent RTSP requests within the sa...
freerdp: FreeRDP has a Heap-use-after-free in play_thread
A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...
freerdp: FreeRDP has a Heap-use-after-free in play_thread
A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...
CVE-2026-32214
Improper access control in Universal Plug and Play upnp.dll allows an authorized attacker to disclose information locally...
CVE-2026-27925
Use after free in Windows Universal Plug and Play UPnP Device Host allows an unauthorized attacker to disclose information over an adjacent network...
CVE-2026-32156
Use after free in Windows Universal Plug and Play UPnP Device Host allows an unauthorized attacker to execute code locally...
CVE-2026-32077
Untrusted pointer dereference in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...
CVE-2026-32075
Use after free in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...
CVE-2026-27920
Untrusted pointer dereference in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...
CVE-2026-27915
Use after free in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...
CVE-2026-27916
Use after free in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...
CVE-2026-22565
An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation: Update UniFi Play...
EUVD-2026-22593
Improper link resolution before file access 'link following' in Universal Plug and Play upnp.dll allows an authorized attacker to disclose information locally...