271 matches found
CVE-2021-27137
An issue was discovered in router/upnp/src/ssdp.c in DD-WRT before 45724. An unsafe strcpy in the UPnP handling functionality allows an unauthenticated remote attacker to send a request that would overflow an internal fixed buffer. Exploitation requires the DD-WRT user to enable UPnP which is off...
CVE-2026-58547
Heap-based buffer overflow in Universal Plug and Play upnp.dll allows an authorized attacker to elevate privileges locally...
CVE-2026-49180
Improper link resolution before file access 'link following' in Universal Plug and Play upnp.dll allows an authorized attacker to disclose information locally...
CVE-2026-58547
CVE-2026-58547 is a Windows UPnP Device Host vulnerability. The issue is a heap-based buffer overflow in upnp.dll that allows an authenticated local attacker to elevate privileges. The NVD entry and multiple advisories describe the root cause as a heap overflow in UPnP device host, with CVSS deta...
CVE-2026-50455 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
...
CVE-2026-50455
CVE-2026-50455 describes an information disclosure in Universal Plug and Play (upnp.dll) caused by the use of an uninitialized resource. The vulnerability allows an authorized local attacker to disclose information. The reported impact shows confidentiality impact (C) as High, with local access a...
CVE-2026-50455 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
...
CVE-2026-49180 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
...
CVE-2026-49180 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
...
Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability
Heap-based buffer overflow in Universal Plug and Play upnp.dll allows an authorized attacker to elevate privileges locally...
Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
Use of uninitialized resource in Universal Plug and Play upnp.dll allows an authorized attacker to disclose information locally...
Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
Improper link resolution before file access 'link following' in Universal Plug and Play upnp.dll allows an authorized attacker to disclose information locally...
CVE-2026-45599
Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...
CVE-2026-45635
Access of resource using incompatible type 'type confusion' in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...
CVE-2026-45635
Access of resource using incompatible type 'type confusion' in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...
EUVD-2026-35563
Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...
CVE-2026-45635 Windows UPnP Device Host Remote Code Execution Vulnerability
...
CVE-2026-45599
The CVE-2026-45599 entry describes a use-after-free in Windows’ Universal Plug and Play component (upnp.dll) that enables a remote attacker to execute code over the network via the UPnP Device Host. The vulnerability is rated CVSSv3.1: 8.1 (HIGH) with Network attack vector, no privileges required...
EUVD-2026-35556
Use after free in Universal Plug and Play upnp.dll allows an unauthorized attacker to execute code over a network...
PT-2026-47988
Name of the Vulnerable Software and Affected Versions Universal Plug and Play affected versions not specified Description A use after free issue in the Universal Plug and Play component upnp.dll allows an unauthorized remote attacker to execute arbitrary code and affect the system over a network...