The vulnerability of the GUPnP framework for UPnP devices stems from the dependence of critical operations on the reverse DNS solution. This allows attackers to gain access to confidential data and compromise its integrity.

The vulnerability of the GUPnP device framework relates to the dependence of critical operations on the reverse DNS solution. Exploiting this vulnerability allows a remote attacker to gain access to confidential data and compromise its integrity...

CVE-2025-31008 WordPress YouTube Embed plugin <= 5.3.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Embeds For YouTube Plugin Support YouTube Embed youtube-embed allows Stored XSS.This issue affects YouTube Embed: from n/a through = 5.3.1...

CVE-2025-27484 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability

...

Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges over a network...

Microsoft Windows UPnP 安全漏洞

Microsoft Windows UPnP is a device agent from Microsoft Corporation USA. Providing a proxy allows a Windows network connection to recognize the IP address of the ZoneDirector. A security vulnerability exists in Microsoft Windows UPnP. An attacker could exploit the vulnerability to elevate...

PT-2025-15543 · Microsoft · Windows Universal Plug/Play (Upnp) Device Host +1

Name of the Vulnerable Software and Affected Versions: Windows Universal Plug and Play UPnP Device Host affected versions not specified Description: The issue concerns sensitive data storage in improperly locked memory, allowing an authorized attacker to elevate privileges over a network. This ca...

About the security content of AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, and CarPlay Communication Plug-in R18.1 Updates

About the security content of AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, and CarPlay Communication Plug-in R18.1 Updates This document is intended for developers of accessories or software compatible with Apple devices. These updates are available for members of the Apple MFi Program...

PT-2025-18219

Name of the Vulnerable Software and Affected Versions AirPlay audio SDK versions 2.7.1 and later AirPlay video SDK versions 3.6.0.126 and later CarPlay Communication Plug-in version R18.1 and later Description This issue involves improved memory handling to address a flaw that could allow a local...

SUSE CVE-2025-21913

In the Linux kernel, the following vulnerability has been resolved: x86/amdnb: Use rdmsrsafe in amdgetmmconfigrange Xen doesn't offer MSRFAM10HMMIOCONFBASE to all guests. This results in the following warning: unchecked MSR access error: RDMSR from 0xc0010058 at rIP: 0xffffffff8101d19f...

Build Numbers and Versions of Veeam Plug-in for Proxmox VE

This KB article lists all versions of the Veeam Plug-in for Proxmox VE and their respective worker build numbers. Version | Plug-in Build | Worker Build | Release Date ---|---|---|--- Veeam Plug-in for Proxmox VE 3 Releases Veeam Plug-in for Proxmox VE 3.2 included with Veeam Backup & Replication...

The vulnerability of the advertise_res() function in the UPnP service of Netgear’s WNR854T router allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the advertiseres function of the UPnP service involves the escape of operations beyond the buffer in memory when processing the M-SEARCH request header value. Exploitation of this vulnerability allows a remote attacker to execute arbitrary code or cause service failures by...

The vulnerability of the advertise_res() function in the UPnP service of Netgear’s WNR854T router allows a hacker to execute arbitrary code.

The vulnerability of the advertiseres function of the UPnP service involves an escape from the buffer boundaries in memory when processing the M-SEARCH request header value. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending specially crafted M-SEARCH...

The vulnerability of the parse_st() function in the UPnP service’s microprogramming software for Netgear WNR854T allows a hacker to execute arbitrary code.

The vulnerability of the parsest function in the UPnP service of Netgear’s WNR854T router software lies in the fact that the operation outside the buffer is allowed when processing the M-SEARCH request header value. Exploiting this vulnerability allows a remote attacker to execute arbitrary code ...

CVE-2024-54807

In Netgear WNR854T 1.5.2 North America, the UPNP service is vulnerable to command injection in the function addmapexec which parses the NewInternalClient parameter of the AddPortMapping SOAPAction into a system call without sanitation. An attacker can send a specially crafted SOAPAction request f...

Netgear WNR854T 安全漏洞

The NETGEAR WNR854T is a wireless router from NETGEAR. The NETGEAR WNR854T version 1.5.2 suffers from a buffer overflow vulnerability that originates from the UPNP service failing to properly validate the length of incoming data, which can be exploited by remote attackers to execute arbitrary cod...

About the security content of AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, and CarPlay Communication Plug-in R18.1 Updates

About the security content of AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, and CarPlay Communication Plug-in R18.1 Updates This document is intended for developers of accessories or software compatible with Apple devices. These updates are available for members of the Apple MFi Program...

CVE-2025-22640 WordPress Paytm Payment Donation Plugin <= 2.3.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Paytm Paytm Payment Donation allows Stored XSS.This issue affects Paytm Payment Donation: from n/a through 2.3.3...

CVE-2024-58105

A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE address an addtional bypass not covered in CVE-2024-58104. Please note: an attacker mus...

Vulnerability fixed in NetApp SnapCenter

NetApp has fixed a vulnerability in SnapCenter Specifically for versions earlier than 6.0.1P1 and 6.1P1. The vulnerability is in the way SnapCenter handles authenticated users. This allows authenticated users to gain administrative access on remote systems equipped with the SnapCenter plug-in. Th...

CVE-2025-26512

SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed...