CVE-2026-27920

Untrusted pointer dereference in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...

CVE-2026-27919

Untrusted pointer dereference in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...

CVE-2026-32077

Untrusted pointer dereference in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...

PT-2026-32803

Name of the Vulnerable Software and Affected Versions Windows Universal Plug and Play UPnP Device Host affected versions not specified Description An untrusted pointer dereference in the Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...

CVE-2025-48819

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges over an adjacent network...

PT-2025-28550 · Microsoft · Windows Universal Plug/Play (Upnp) Device Host +1

Name of the Vulnerable Software and Affected Versions: Windows Universal Plug and Play UPnP Device Host affected versions not specified Description: The issue concerns sensitive data storage in improperly locked memory, allowing an authorized attacker to elevate privileges over an adjacent networ...

PT-2025-28552 · Microsoft · Windows Universal Plug/Play (Upnp) Device Host +1

Name of the Vulnerable Software and Affected Versions: Windows Universal Plug and Play UPnP Device Host affected versions not specified Description: The issue is related to a use after free condition in the Windows Universal Plug and Play UPnP Device Host, which allows an authorized attacker to...

CVE-2025-27484

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges over a network...

Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability

Sensitive data storage in improperly locked memory in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges over a network...

KB4577070: Windows Server 2008 September 2020 Security Update

The remote Windows host is missing security update 4577070 or cumulative update 4577064. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when the Windows RSoP Service Application improperly handles memory. CVE-2020-0648 - An elevation of...

CVE-2020-0781

An elevation of privilege vulnerability exists when the Windows Universal Plug and Play UPnP service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0783...