34714 matches found
EUVD-2026-41396
A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device...
CVE-2026-55112
A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device...
CVE-2026-55115
The CVE-2026-55115 entry describes a Server-Side Request Forgery (SSRF) in the UniFi Protect Application that could allow a low-privilege, network-accessible attacker to escalate privileges on the host. The available sources state the affected component as the UniFi Protect Application and identi...
CVE-2026-50747
The CVE-2026-50747 entry concerns the UniFi Talk Application. It describes an authenticated SQL Injection vulnerability that could be leveraged by an attacker with network access and low privileges to escalate privileges on the host device. The issue is characterized as high-severity (CVSS v3.1 b...
CVE-2026-54402
CVE-2026-54402 describes an Improper Input Validation flaw in UniFi OS enabling a Command Injection on the host when a malicious actor with network access and low privileges interacts with the system. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) yields a base score of 9.9 (CRITICAL),...
CVE-2026-54402
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device...
EUVD-2026-41391
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device...
CVE-2026-54402
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device...
CVE-2026-54401
A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery SSRF to escalate privileges within such UniFi OS devices or instances...
CVE-2026-54401
A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery SSRF to escalate privileges within such UniFi OS devices or instances...
EUVD-2026-41392
A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery SSRF to escalate privileges within such UniFi OS devices or instances...
CVE-2026-50748
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device...
CVE-2026-50748
CVE-2026-50748 describes an Improp er Input Validation vulnerability in the UniFi Access Application that enables a Command Injection on the host when an attacker with network access and low privileges can exploit it. The CVSS 3.1 vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating...
CVE-2026-50748
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device...
EUVD-2026-41384
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device...
CVE-2026-8079
In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in operations being performed with the privileges of another user, potentially leading to unauthorized...
CVE-2026-9272
CVE-2026-9272 affects Progress Flowmon ADS prior to 12.5.6 and 13.0.5. An adversary authenticated as a low-privileged ADS user can send specially crafted requests that lead to unauthorized access to and modification of application data. The CVE’s metrics indicate HIGH impact on confidentiality, i...
CVE-2026-9272 Possibility of unintended database operations when querying data related to detected anomalies in Progress Flowmon ADS
In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System ADS may send specially crafted requests that could result in unauthorized access to application data and its...
CVE-2026-9272
In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System ADS may send specially crafted requests that could result in unauthorized access to application data and its...
EUVD-2026-41374
In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System ADS may send specially crafted requests that could result in unauthorized access to application data and its...