120725 matches found
CVE-2026-50747
A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device...
CVE-2026-56841
A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device...
EUVD-2026-41399
A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device...
CVE-2026-56841
A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device...
CVE-2026-50747
A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device...
EUVD-2026-41390
A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device...
EUVD-2026-41388
A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing CORS misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session...
CVE-2026-54404
UniFi OS is affected by CVE-2026-54404, which describes a series of authenticated SQL Injection vulnerabilities that allow a user with network access and low privileges to escalate privileges within UniFi OS devices or instances. The available sources confirm the issue and provide a CVSSv3.1 base...
CVE-2026-55110
A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing CORS misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session...
CVE-2026-54404
A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances...
CVE-2026-55110
A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing CORS misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session...
EUVD-2026-41374
In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System ADS may send specially crafted requests that could result in unauthorized access to application data and its...
CVE-2026-9272
In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System ADS may send specially crafted requests that could result in unauthorized access to application data and its...
CVE-2026-14029
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
WordPress Modern Events Calendar Lite <5.16.5 - Authenticated Arbitrary File Upload
WordPress Modern Events Calendar Lite plugin before 5.16.5 is susceptible to authenticated arbitrary file upload. The plugin does not properly check the imported file, allowing PHP files to be uploaded and/or executed by an administrator or other high-privilege user using the text/csv content-typ...
Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection
Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php. This in turn can lead to...
pfSense - Arbitrary File Write
diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...
GLPI 10.0.10-10.0.14 - SQL Injection
GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. id: CVE-2024-29889 info: name: GLPI 10.0.10-10.0.14 - SQL Injection autho...
Gogs <0.12.6 - Remote Command Execution
Gogs before 0.12.6 is susceptible to remote command execution via the uploading repository file in GitHub repository gogs/gogs. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. id...
OsTicket < 1.14.3 - Server Side Request Forgery
SSRF vulnerability exists in osTicket before 1.14.3, allowing an attacker to add malicious files to the server or perform port scanning. id: CVE-2020-24881 info: name: OsTicket 1.14.3 - Server Side Request Forgery author: hnd3884 severity: critical description: | SSRF vulnerability exists in...