CVE-2024-48775

An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process...

CVE-2024-48771

An issue in almando GmbH Almando Play APP com.almando.play 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process...

CVE-2024-48770

An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process...

CVE-2023-28109

Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use play-with-docker.com as an example and set the origin header in an http request as evil-play-with-docker.com. The...

CVE-2023-41131

Cross-Site Request Forgery CSRF vulnerability in Jonk @ Follow me Darling Sptify Play Button for WordPress plugin = 2.10 versions...

CVE-2023-34844

Play With Docker 0.0.2 has an insecure CAPSYSADMIN privileged mode causing the docker container to escape...

CVE-2023-31893

Telefnica Brasil Vivo Play IPTV Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service DoS via DNS Recursion...

CVE-2023-21266

In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-1840

The Sptify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.07 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

CVE-2023-27217

A stack-based buffer overflow in the ChangeFriendlyName function of Belkin Smart Outlet V2 F7c063 firmware2.00.11420.OWRT.PVTSNSV2 allows attackers to cause a Denial of Service DoS via a crafted UPNP request...

CVE-2022-1799

Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release...

CVE-2022-31023

Play Framework is a web framework for Java and Scala. Verions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by...

CVE-2022-2390

Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. As Google Play services SDK is so widely used, this bug affects many applications. For an application affected, this bug will let the attacker, gain...

CVE-2021-29379

An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play UPnP is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target ST field of the SSDP M-SEARCH discover packet. NOTE: This vulnerability on...

CVE-2021-37048

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to fake visitors to control PC,play a video,etc...

CVE-2021-35392

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or miniupnpd and is the successor to miniigd. The server is vulnerable to a heap buffer overflow that is present due to unsafe...

CVE-2021-39283

liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands...

CVE-2020-0781

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play UPnP service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0783...

CVE-2020-24027

In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time...

CVE-2020-27196

An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint that may or may not expect JSON payloads causes a StackOverflowError and Denial of...