Lucene search
K

34673 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/02 2:49 p.m.5 views

CVE-2026-54401

A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery SSRF to escalate privileges within such UniFi OS devices or instances...

7.7CVSS5.8AI score0.00201EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 2:49 p.m.8 views

EUVD-2026-41391

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device...

9.9CVSS5.8AI score0.00789EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 2:49 p.m.34 views

CVE-2026-54401

A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery SSRF to escalate privileges within such UniFi OS devices or instances...

7.7CVSS0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 2:49 p.m.35 views

CVE-2026-54402

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device...

9.9CVSS0.00789EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 2:49 p.m.35 views

CVE-2026-50748

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device...

9.9CVSS0.00789EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 2:49 p.m.12 views

CVE-2026-50748

CVE-2026-50748 describes an Improp er Input Validation vulnerability in the UniFi Access Application that enables a Command Injection on the host when an attacker with network access and low privileges can exploit it. The CVSS 3.1 vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating...

9.9CVSS5.8AI score0.00789EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:49 p.m.6 views

CVE-2026-50748

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device...

9.9CVSS5.8AI score0.00789EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 2:49 p.m.6 views

EUVD-2026-41384

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device...

9.9CVSS5.8AI score0.00789EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:3 p.m.6 views

CVE-2026-8079

In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in operations being performed with the privileges of another user, potentially leading to unauthorized...

8.7CVSS5.8AI score0.00182EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/02 2:2 p.m.15 views

CVE-2026-9272

CVE-2026-9272 affects Progress Flowmon ADS prior to 12.5.6 and 13.0.5. An adversary authenticated as a low-privileged ADS user can send specially crafted requests that lead to unauthorized access to and modification of application data. The CVE’s metrics indicate HIGH impact on confidentiality, i...

8.7CVSS5.8AI score0.00247EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:2 p.m.7 views

CVE-2026-9272

In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System ADS may send specially crafted requests that could result in unauthorized access to application data and its...

8.7CVSS5.8AI score0.00247EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/02 2:2 p.m.7 views

EUVD-2026-41374

In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System ADS may send specially crafted requests that could result in unauthorized access to application data and its...

8.7CVSS5.8AI score0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 2:2 p.m.37 views

CVE-2026-9272 Possibility of unintended database operations when querying data related to detected anomalies in Progress Flowmon ADS

In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System ADS may send specially crafted requests that could result in unauthorized access to application data and its...

8.7CVSS0.00247EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 12:16 a.m.7 views

CVE-2026-50279

Craft CMS is a content management system CMS. IN versions 5.0.0-RC1 and above prior to 5.9.21, theEntriesController::actionSaveEntry performs entry-edit permission checks before request-controlled author changes are applied to the model, allowing for authorship spoofing. The subsequent author...

7.6CVSS0.00245EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.8 views

PT-2026-55232

Name of the Vulnerable Software and Affected Versions UniFi Talk Application affected versions not specified Description An authenticated user with low privileges and network access can exploit SQL Injection flaws to escalate privileges on the host device. SQL Injection is a technique where...

9.9CVSS6AI score0.00239EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-55260

Name of the Vulnerable Software and Affected Versions Flowmon ADS versions prior to 12.5.6 Flowmon ADS versions prior to 13.0.5 Description An authenticated low-privileged user in the Anomaly Detection System ADS can send specially crafted requests to gain unauthorized access to application data...

8.7CVSS5.9AI score0.00247EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.10 views

PT-2026-55238

Name of the Vulnerable Software and Affected Versions UniFi OS affected versions not specified Description An improper input validation issue allows a malicious actor with network access and low privileges to perform command injection on the host device. Command injection is a flaw that allows an...

9.9CVSS6.2AI score0.00789EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.10 views

PT-2026-55233

Name of the Vulnerable Software and Affected Versions UniFi Access Application affected versions not specified Description An improper input validation issue allows a malicious actor with network access and low privileges to perform command injection on the host device. Recommendations At the...

9.9CVSS6AI score0.00789EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/01 11:31 p.m.37 views

CVE-2026-50279 Craft CMS: Authorship spoofing in `entries/save-entry` via pre-check/post-mutation authorization gap

Craft CMS is a content management system CMS. IN versions 5.0.0-RC1 and above prior to 5.9.21, theEntriesController::actionSaveEntry performs entry-edit permission checks before request-controlled author changes are applied to the model, allowing for authorship spoofing. The subsequent author...

7.6CVSS0.00245EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 11:31 p.m.12 views

CVE-2026-50279

Craft CMS (versions 5.0.0-RC1 through 5.9.20) contains an authorization gap in EntriesController::actionSaveEntry where entry-edit checks precede author changes. The code path allows attacker-supplied authors to mutate the authors list when the current user is among the old authors, without re-ru...

7.6CVSS5.7AI score0.00245EPSS
Exploits0References2
Rows per page
Query Builder