9057 matches found
CVE-2019-1405
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play UPnP service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'...
CVE-2019-5309
Honor play smartphones with versions earlier than 9.1.0.333C00E333R1P1T8 have an information disclosure vulnerability in certain Huawei . An attacker could view certain information after a series of operation without unlock the screen lock. Successful exploit could cause an information disclosure...
CVE-2019-5213
Honor play smartphones with versions earlier than Cornell-AL00A 9.1.0.321C00E320R1P1T8 have an insufficient authentication vulnerability. The system has a logic judge error under certain scenario. Successful exploit could allow the attacker to modify the alarm clock settings after a serious of...
CVE-2019-10707
MKCMS V5.0 has SQL injection via the bplay.php play parameter...
CVE-2019-17598
An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...
Minor update(6) for Vivaldi Android Browser 7.2
Head to the Google Play Store and download the browser. Alternatively, you can download Vivaldi from Uptodown, the Android app store. Your rating for our browser matters. ⭐️ ⭐️ ⭐️ ⭐️ ⭐️ Enjoy! Changelog The following is a list of changes since the fifth 7.2 stable, minor update: Backported upstream...
Android users bombarded with unskippable ads
Researchers have discovered a very versatile ad fraud network—known as Kaleidoscope—that bombards users with unskippable ads. Normally, ad fraud is not a concern for users of infected devices. They might experience some sluggish behavior on their device, but often that’s the extent of it. Ad frau...
[SECURITY] Fedora 41 Update: deluge-2.2.0-1.fc41
Deluge is a new BitTorrent client, created using Python and GTK+. It is intended to bring a native, full-featured client to Linux GTK+ desktop environments such as GNOME and XFCE. It supports features such as DHT Distributed Hash Tables, PEX =C2=B5Torrent-compatible Peer Exchange, and UPnP...
[SECURITY] Fedora 42 Update: deluge-2.2.0-1.fc42
Deluge is a new BitTorrent client, created using Python and GTK+. It is intended to bring a native, full-featured client to Linux GTK+ desktop environments such as GNOME and XFCE. It supports features such as DHT Distributed Hash Tables, PEX =C2=B5Torrent-compatible Peer Exchange, and UPnP...
MTL-UE: Learning to Learn Nothing for Multi-Task Learning
Most existing unlearnable strategies focus on preventing unauthorized users from training single-task learning STL models with personal data. Nevertheless, the paradigm has recently shifted towards multi-task data and multi-task learning MTL, targeting generalist and foundation models that can...
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization
Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged...
Apple iOS和Apple iPadOS 安全漏洞
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS prior to 18.4 and Apple iPadOS prior to 18.4, which stems from insufficiently...
Set You Straight: Auto-Steering Denoising Trajectories to Sidestep Unwanted Concepts
Ensuring the ethical deployment of text-to-image models requires effective techniques to prevent the generation of harmful or inappropriate content. While concept erasure methods offer a promising solution, existing finetuning-based approaches suffer from notable limitations. Anchor-free methods...
The vulnerability of the PlayReleasedEvents() function in the Wayland protocol for X.Org XWayland, which is implemented in the X Window System X.Org Server, allows a perpetrator to execute arbitrary code.
The vulnerability of the PlayReleasedEvents function in the Wayland protocol for X.Org XWayland is related to the use of memory after it is freed. Exploiting this vulnerability can allow a attacker to execute arbitrary code...
The vulnerability of the UPnP Device Host operating system in Windows allows a hacker to increase their privileges.
The vulnerability of the UPnP Device Host operating system in Windows relates to the use of insecure mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability can allow a remote attacker to increase their privileges...
CVE-2025-27484
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges over a network...
The vulnerability of the GUPnP framework for UPnP devices stems from the dependence of critical operations on the reverse DNS solution. This allows attackers to gain access to confidential data and compromise its integrity.
The vulnerability of the GUPnP device framework relates to the dependence of critical operations on the reverse DNS solution. Exploiting this vulnerability allows a remote attacker to gain access to confidential data and compromise its integrity...
The vulnerability of the RTSP PLAY Command Handler component in the Live555 multimedia streaming library allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the RTSP PLAY Command Handler component in the Live555 multimedia streaming library relates to writing beyond buffer boundaries. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...
The vulnerability of the PLAY command in the Live555 multimedia streaming library, which allows a hacker to cause a service failure.
The vulnerability of the PLAY command in the Live555 multimedia streaming library group is related to the insufficient use of the assert function. Exploiting this vulnerability can allow a malicious actor to cause service failures...
CVE-2025-27484 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability
...