Lucene search
+L

9101 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.28 views

RHEL 10 : podman (RHSA-2026:18289)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18289 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...

8.1CVSS7.2AI score0.01008EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2026/05/08 3:8 p.m.31 views

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss. The 28 apps hav...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

pupnp 安全漏洞

Pupnp is an open-source application developed by the Portable SDK for UPnP Devices. It’s a portable SDK for UPnP devices. Versions of Pupnp prior to 1.18.5 contained security vulnerabilities. These vulnerabilities were caused by the atoi function used in parseuri, which led to port truncation and...

6.9CVSS5.8AI score0.00346EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 9:19 p.m.7 views

GHSA-QFF7-Q5FM-8P76 AzuraCast has Missing Permissions Check on Media File Download, Allowing Cross-Station Data Exfiltration

Summary The GET /api/station/stationid/file/id/play endpoint, handled by PlayAction, is missing the Middleware\Permissions check that protects all sibling routes in the same /file/id route group. Any authenticated user can download media files from any station, regardless of whether they have...

6.5CVSS5.8AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/04 9:19 p.m.15 views

AzuraCast has Missing Permissions Check on Media File Download, Allowing Cross-Station Data Exfiltration

Summary The GET /api/station/stationid/file/id/play endpoint, handled by PlayAction, is missing the Middleware\Permissions check that protects all sibling routes in the same /file/id route group. Any authenticated user can download media files from any station, regardless of whether they have...

5.8AI score
Exploits0References3Affected Software1
Fedora
Fedora
added 2026/04/30 1:30 a.m.14 views

[SECURITY] Fedora 42 Update: miniupnpd-2.3.10-1.fc42

The MiniUPnP daemon is an UPnP IGD & PCP/NAT-PMP daemon for gateway routers. UPnP IGD & PCP/NAT-PMP are used to improve internet connectivity for devices behind a NAT router. Any peer to peer network application such as games, IM, etc. can benefit from a NAT router supporting UPnP IGD & PCP/NAT-P...

9.1CVSS5.2AI score0.00674EPSS
Exploits0
Fedora
Fedora
added 2026/04/30 1:21 a.m.13 views

[SECURITY] Fedora 43 Update: miniupnpd-2.3.10-1.fc43

The MiniUPnP daemon is an UPnP IGD & PCP/NAT-PMP daemon for gateway routers. UPnP IGD & PCP/NAT-PMP are used to improve internet connectivity for devices behind a NAT router. Any peer to peer network application such as games, IM, etc. can benefit from a NAT router supporting UPnP IGD & PCP/NAT-P...

9.1CVSS5.2AI score0.00674EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/28 6:35 p.m.6 views

CVE-2026-35903

MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP service. After successful Digest authentication in an initial DESCRIBE request, the device does not verify the Digest response parameter in subsequent RTSP requests within the sa...

9.8CVSS5.3AI score0.00487EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/04/27 2:55 p.m.6 views

freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...

8.7CVSS5.2AI score0.00534EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/22 7:48 a.m.8 views

freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...

8.7CVSS5.7AI score0.00534EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/15 7:24 p.m.8 views

CVE-2026-32214

Improper access control in Universal Plug and Play upnp.dll allows an authorized attacker to disclose information locally...

5.5CVSS6.2AI score0.00221EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/15 7:24 p.m.7 views

CVE-2026-27925

Use after free in Windows Universal Plug and Play UPnP Device Host allows an unauthorized attacker to disclose information over an adjacent network...

6.5CVSS6.2AI score0.0036EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/15 7:23 p.m.7 views

CVE-2026-32156

Use after free in Windows Universal Plug and Play UPnP Device Host allows an unauthorized attacker to execute code locally...

7.4CVSS5.9AI score0.00286EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/15 7:23 p.m.9 views

CVE-2026-32077

Untrusted pointer dereference in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00321EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/15 7:23 p.m.8 views

CVE-2026-32075

Use after free in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...

7CVSS5.8AI score0.00268EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/15 7:23 p.m.8 views

CVE-2026-27920

Untrusted pointer dereference in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.0024EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/15 7:23 p.m.6 views

CVE-2026-27915

Use after free in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...

7.8CVSS6.2AI score0.00298EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/15 7:23 p.m.8 views

CVE-2026-27916

Use after free in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.0024EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/15 1:22 a.m.6 views

CVE-2026-22565

An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation: Update UniFi Play...

7.5CVSS5.8AI score0.00432EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/14 6:30 p.m.7 views

EUVD-2026-22593

Improper link resolution before file access 'link following' in Universal Plug and Play upnp.dll allows an authorized attacker to disclose information locally...

5.5CVSS5.6AI score0.00307EPSS
Exploits0References2
Rows per page
Query Builder