Lucene search
K

334 matches found

Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.5 views

PT-2026-32781

Name of the Vulnerable Software and Affected Versions Windows Universal Plug and Play UPnP Device Host affected versions not specified Description An untrusted pointer dereference in the Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally,...

7.8CVSS6.2AI score0.00298EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.7 views

PT-2026-32777

Name of the Vulnerable Software and Affected Versions Windows Universal Plug and Play UPnP Device Host affected versions not specified Description A use after free issue in the Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally. Use after...

7.8CVSS6.1AI score0.00298EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.5 views

PT-2026-32856

CVE-2026-32212 Improper link resolution before file access 'link following' in Universal Plug and Play upnp.dll allows an authorized attacker to disclose information locally. https://t.co/8vH7ez64Tq...

5.5CVSS6.1AI score0.00307EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.5 views

Microsoft Windows UPnP 安全漏洞

Microsoft Windows UPnP is a device proxy provided by Microsoft Corporation. It serves as a proxy that allows Windows network connections to recognize the IP address of ZoneDirector. There are security vulnerabilities associated with Microsoft Windows UPnP. Attackers can exploit these...

5.5CVSS5.8AI score0.00307EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.4 views

PT-2026-32803

Name of the Vulnerable Software and Affected Versions Windows Universal Plug and Play UPnP Device Host affected versions not specified Description An untrusted pointer dereference in the Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00321EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.4 views

PT-2026-32857

CVE-2026-32214 Improper access control in Universal Plug and Play upnp.dll allows an authorized attacker to disclose information locally. https://t.co/mQeTrH15sG...

5.5CVSS6.1AI score0.00221EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.4 views

PT-2026-32826

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A use after free in the Windows Universal Plug and Play UPnP Device Host allows an unauthorized attacker to execute arbitrary code locally and remotely, affecting the system. Use after free i...

7.4CVSS6.6AI score0.00286EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

Microsoft Windows 资源管理错误漏洞

Microsoft Windows is an operating system used by personal devices by the American company Microsoft. The Microsoft Windows Universal Plug and Play UPnP Device Host has a resource management vulnerability. Attackers can exploit this vulnerability to gain higher privileges. The following products a...

7.8CVSS5.8AI score0.00298EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.7 views

Microsoft Windows UPnP 资源管理错误漏洞

Microsoft Windows UPnP is a device proxy provided by Microsoft Corporation. It serves as a proxy that allows Windows network connections to recognize the IP address of ZoneDirector. There is a resource management vulnerability in Microsoft Windows UPnP. Attackers can exploit this vulnerability to...

7.4CVSS6AI score0.00286EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/31 7:30 p.m.9 views

CVE-2026-5211 D-Link DNS-1550-04 app_mgr.cgi UPnP_AV_Server_Path_Del stack-based overflow

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This vulnerability affects the function...

9CVSS7.8AI score0.007EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/28 6:30 p.m.5 views

EUVD-2026-16937

A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Executing a manipulation of the argument UpnpEnabled can lead to stack-based buffer overflow. It is possible to launch the attack...

9CVSS7.7AI score0.00687EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/28 5:30 p.m.3 views

CVE-2026-5004

A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Executing a manipulation of the argument UpnpEnabled can lead to stack-based buffer overflow. It is possible to launch the attack...

9CVSS6.4AI score0.00687EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/03/26 9:31 p.m.4 views

EUVD-2026-16419

The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition. This...

7.1CVSS5.8AI score0.00355EPSS
Exploits0References4
NVD
NVD
added 2026/03/26 9:17 p.m.6 views

CVE-2026-3622

The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition. This...

7.5CVSS0.00355EPSS
Exploits0References3
CVE
CVE
added 2026/03/26 8:34 p.m.18 views

CVE-2026-3622

CVE-2026-3622 affects TL-WR841N v14's UPnP component, where improper input validation triggers an out-of-bounds read that can crash the UPnP service and cause a Denial-of-Service. Affected builds include EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and US_0.9.1.4.19 Build 260312 Rel. 49108n...

7.5CVSS5.8AI score0.00355EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 2:58 p.m.4 views

CVE-2026-4214

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...

9.8CVSS7.9AI score0.00791EPSS
Exploits1References1
NVD
NVD
added 2026/03/16 2:20 p.m.3 views

CVE-2026-4214

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...

9.8CVSS0.00791EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/16 4:32 a.m.1 views

CVE-2026-4214 D-Link DNS-1550-04 app_mgr.cgi UPnP_AV_Server_Path_Setting stack-based overflow

A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function...

9CVSS7.9AI score0.00791EPSS
Exploits1References5
OSV
OSV
added 2026/02/24 3:16 a.m.6 views

CVE-2025-13942

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17ABUP.15.1C0 could allow a remote attacker to execute operating system OS commands on an affected device by sending specially crafted UPnP SOAP requests...

9.8CVSS5.9AI score0.0106EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/24 2:32 a.m.6 views

CVE-2025-13942

A command injection vulnerability in the UPnP function of the Zyxel EX3510-B0 firmware versions through 5.17ABUP.15.1C0 could allow a remote attacker to execute operating system OS commands on an affected device by sending specially crafted UPnP SOAP requests...

9.8CVSS5.9AI score0.0106EPSS
Exploits0References1
Rows per page
Query Builder