CVE-2024-14036 Dräger Core 1.0.5 Denial of Service via Malformed SDC Message

Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network ca...

May 12, 2026—Hotpatch KB5087423 (OS Build 26100.32772)

May 12, 2026—Hotpatch KB5087423 OS Build 26100.32772 This update applies to Windows Server 2025 Datacenter & Standard machines connected to Azure Arc. To learn more about differences between security updates, optional non-security preview updates, out-of-band OOB updates, and continuous innovatio...

Microsoft Windows SSDP Elevation of Privilege Vulnerability

Microsoft Windows SSDP is a simple service discovery provider program from Microsoft USA. Microsoft Windows SSDP suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...

EUVD-2026-22515

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows SSDP Service allows an authorized attacker to elevate privileges locally...

CVE-2026-32083 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability

...

CVE-2026-32083 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability

...

CVE-2026-32082 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability

...

Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows SSDP Service allows an authorized attacker to elevate privileges locally...

PT-2026-32808

Name of the Vulnerable Software and Affected Versions Windows SSDP Service affected versions not specified Description A race condition occurs in the Windows SSDP Service due to improper synchronization when using a shared resource. This allows an authorized attacker to elevate privileges locally...

EUVD-2026-13800

A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgimain of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...

CVE-2026-4499

A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgimain of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...

CVE-2026-4499

A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgimain of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...

PT-2026-26664

A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgi main of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...

EUVD-2026-9322

A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This vulnerability...

D-Link DIR-868L 操作系统命令注入漏洞

The D-Link DIR-868L is a wireless router produced by D-Link Corporation. The D-Link DIR-868L 110b03 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter ST by the SSDP Service component, which may lead to...

CVE-2025-62602

Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group . Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflow,...

CVE-2025-68135

EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properly handled for and by the TbdController loop, leading to its caller and itself to silently terminates. Thus, this leads to a denial of service as it is responsible of SDP and ISO15118-20 servers...

CVE-2025-68135

EVerest is an EV charging software stack. Prior to version 2025.10.0, C++ exceptions are not properly handled for and by the TbdController loop, leading to its caller and itself to silently terminates. Thus, this leads to a denial of service as it is responsible of SDP and ISO15118-20 servers...

CVE-2025-68135

EVerest (EV charging software stack) prior to version 2025.10.0 has a vulnerability in the TbdController loop where C++ exceptions are not properly handled, causing the loop and its caller to terminate silently and leading to a denial of service affecting SDP and ISO15118-20 servers. The issue is...

D-Link DIR-806A Command Injection Vulnerability

The D-Link DIR-806A is a wireless router from China's AUO D-Link. A command injection vulnerability exists in the D-Link DIR-806A version 100CNb11, which stems from the failure of the ssdpcgimain function in the SSDP Request Handler component to correctly filter constructed command special...