Lucene search
K

9088 matches found

UbuntuCve
UbuntuCve
added 2026/05/19 7:16 p.m.13 views

CVE-2026-41470

LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...

8.2CVSS5.8AI score0.00486EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 6:43 p.m.11 views

EUVD-2026-30973

LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...

8.2CVSS5.8AI score0.00486EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/19 6:43 p.m.12 views

CVE-2026-41470

LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...

8.2CVSS5.8AI score0.00486EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/19 6:43 p.m.11 views

CVE-2026-41470 LIVE555 < 2026.04.22 RTSP Server Authorization Bypass via Session Token

LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...

8.2CVSS5.8AI score0.00486EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/19 1:27 p.m.13 views

Important: Red Hat Security Advisory: podman security update

An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.1CVSS7.2AI score0.01008EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/19 1:27 p.m.11 views

podman: Podman kube play command may overwrite host files

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

8.1CVSS7.2AI score0.01008EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.15 views

PT-2026-41997

Name of the Vulnerable Software and Affected Versions LIVE555 versions prior to 2026.04.22 Description An authorization bypass exists in the RTSP session command handling. This allows attackers to replay valid Session tokens from unauthenticated connections. By obtaining a valid Session token, an...

8.2CVSS5.8AI score0.00486EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.28 views

RHEL 10 : podman (RHSA-2026:18289)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18289 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...

8.1CVSS7.2AI score0.01008EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2026/05/08 3:8 p.m.31 views

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss. The 28 apps hav...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.10 views

pupnp 安全漏洞

Pupnp is an open-source application developed by the Portable SDK for UPnP Devices. It’s a portable SDK for UPnP devices. Versions of Pupnp prior to 1.18.5 contained security vulnerabilities. These vulnerabilities were caused by the atoi function used in parseuri, which led to port truncation and...

6.9CVSS5.8AI score0.00346EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 9:19 p.m.7 views

GHSA-QFF7-Q5FM-8P76 AzuraCast has Missing Permissions Check on Media File Download, Allowing Cross-Station Data Exfiltration

Summary The GET /api/station/stationid/file/id/play endpoint, handled by PlayAction, is missing the Middleware\Permissions check that protects all sibling routes in the same /file/id route group. Any authenticated user can download media files from any station, regardless of whether they have...

6.5CVSS5.8AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/04 9:19 p.m.11 views

AzuraCast has Missing Permissions Check on Media File Download, Allowing Cross-Station Data Exfiltration

Summary The GET /api/station/stationid/file/id/play endpoint, handled by PlayAction, is missing the Middleware\Permissions check that protects all sibling routes in the same /file/id route group. Any authenticated user can download media files from any station, regardless of whether they have...

5.8AI score
Exploits0References3Affected Software1
Fedora
Fedora
added 2026/04/30 1:30 a.m.12 views

[SECURITY] Fedora 42 Update: miniupnpd-2.3.10-1.fc42

The MiniUPnP daemon is an UPnP IGD & PCP/NAT-PMP daemon for gateway routers. UPnP IGD & PCP/NAT-PMP are used to improve internet connectivity for devices behind a NAT router. Any peer to peer network application such as games, IM, etc. can benefit from a NAT router supporting UPnP IGD & PCP/NAT-P...

9.1CVSS5.2AI score0.00674EPSS
Exploits0
Fedora
Fedora
added 2026/04/30 1:21 a.m.12 views

[SECURITY] Fedora 43 Update: miniupnpd-2.3.10-1.fc43

The MiniUPnP daemon is an UPnP IGD & PCP/NAT-PMP daemon for gateway routers. UPnP IGD & PCP/NAT-PMP are used to improve internet connectivity for devices behind a NAT router. Any peer to peer network application such as games, IM, etc. can benefit from a NAT router supporting UPnP IGD & PCP/NAT-P...

9.1CVSS5.2AI score0.00674EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/28 6:35 p.m.5 views

CVE-2026-35903

MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP service. After successful Digest authentication in an initial DESCRIBE request, the device does not verify the Digest response parameter in subsequent RTSP requests within the sa...

9.8CVSS5.3AI score0.00487EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/04/27 2:55 p.m.6 views

freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...

8.7CVSS5.2AI score0.00534EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/22 7:48 a.m.8 views

freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...

8.7CVSS5.7AI score0.00534EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/15 7:24 p.m.8 views

CVE-2026-32214

Improper access control in Universal Plug and Play upnp.dll allows an authorized attacker to disclose information locally...

5.5CVSS6.2AI score0.00221EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/15 7:24 p.m.7 views

CVE-2026-27925

Use after free in Windows Universal Plug and Play UPnP Device Host allows an unauthorized attacker to disclose information over an adjacent network...

6.5CVSS6.2AI score0.0036EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/15 7:23 p.m.6 views

CVE-2026-32156

Use after free in Windows Universal Plug and Play UPnP Device Host allows an unauthorized attacker to execute code locally...

7.4CVSS5.9AI score0.00286EPSS
Exploits0References1
Rows per page
Query Builder