9099 matches found
CVE-2026-58547
Heap-based buffer overflow in Universal Plug and Play upnp.dll allows an authorized attacker to elevate privileges locally...
CVE-2026-50455
Use of uninitialized resource in Universal Plug and Play upnp.dll allows an authorized attacker to disclose information locally...
CVE-2026-49180
Improper link resolution before file access 'link following' in Universal Plug and Play upnp.dll allows an authorized attacker to disclose information locally...
CVE-2026-58547
The CVE-2026-58547 entry details a heap-based buffer overflow in Windows UPnP Device Host (upnp.dll) that can enable local privilege escalation for an authorized user. Affected component: Universal Plug and Play in Windows. Root cause: heap-based overflow in upnp.dll. Impact: local privilege elev...
CVE-2026-58547 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability
...
CVE-2026-50455 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
...
CVE-2026-50455
CVE-2026-50455 describes an information disclosure in Universal Plug and Play (upnp.dll) caused by the use of an uninitialized resource. The vulnerability allows an authorized local attacker to disclose information. The reported impact shows confidentiality impact (C) as High, with local access a...
CVE-2026-49180
This CVE concerns the Universal Plug and Play component upnp.dll, where an improper link resolution before file access (link following) can lead to local information disclosure. The entry notes that an authorized attacker can disclose information locally, with a CVSS base score of 5.5 (Medium). A...
CVE-2026-49180 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
...
Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
Use of uninitialized resource in Universal Plug and Play upnp.dll allows an authorized attacker to disclose information locally...
EUVD-2026-42644
Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based buffer overflow in the RTSP service. The device fails to validate the length of the clock= value in the Range header field when processing a PLAY request. An unauthenticated remote attacker who has completed a standard RTSP session handsha...
EUVD-2026-42647
A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted PLAY request...
CVE-2026-51604
A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted PLAY request...
CVE-2026-51601
Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based buffer overflow in the RTSP service. The device fails to validate the length of the clock= value in the Range header field when processing a PLAY request. An unauthenticated remote attacker who has completed a standard RTSP session handsha...
CVE-2026-51601
Tenda CP3 V3.0 firmware V31.1.9.91 contains a stack-based buffer overflow in the RTSP service. The device fails to validate the length of the clock= value in the Range header field when processing a PLAY request. An unauthenticated remote attacker who has completed a standard RTSP session handsha...
CVE-2026-51604
CVE-2026-51604 describes a stack-based buffer overflow in the RTSP service of the Tenda CP3 V3.0 firmware (V31.1.9.91). The vulnerability is triggered by processing a crafted PLAY request and can be exploited by an unauthenticated remote attacker to cause a denial of service. Affected component: ...
CVE-2026-51601
The CVE describes a stack-based buffer overflow in the RTSP service of Tenda CP3 V3.0 firmware (version V31.1.9.91). The flaw arises from insufficient validation of the clock= value in the Range header during a PLAY request, enabling an unauthenticated remote attacker who has completed a standard...
CVE-2026-51604
A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted PLAY request...
EUVD-2026-41232
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...
CVE-2026-57270
GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...