Lucene search
K

53 matches found

Nuclei
Nuclei
added 3 days ago20 views

UniFi Access - Broken Access Control

UniFi Access Application 3.3.22 through 3.4.31 contains a broken authentication caused by misconfiguration exposing management API without proper authentication, letting attackers on management network access management functions, exploit requires network access. id: CVE-2025-52665 info: name:...

10CVSS7.4AI score0.40972EPSS
Exploits0References3
NVD
NVD
added 4 days ago11 views

CVE-2026-55117

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host device...

8.6CVSS0.00342EPSS
Exploits0References1
NVD
NVD
added 4 days ago6 views

CVE-2026-54400

A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate privileges on the host device...

9.1CVSS0.00257EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-50748

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device...

9.9CVSS0.00789EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-55117

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host device...

8.6CVSS0.00342EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-55117

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host device...

8.6CVSS5.8AI score0.00342EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-41395

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host device...

8.6CVSS5.8AI score0.00342EPSS
Exploits0References1
CVE
CVE
added 4 days ago11 views

CVE-2026-55117

The CVE-2026-55117 entry describes a path traversal vulnerability in UniFi Access Application. The vulnerability could allow an attacker with network access to access files on the host device via the affected component, exposing potentially sensitive information. Documented details do not specify...

8.6CVSS5.8AI score0.00342EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-50748

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device...

9.9CVSS0.00789EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-41386

A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate privileges on the host device...

9.1CVSS5.8AI score0.00257EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-41384

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device...

9.9CVSS5.8AI score0.00789EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-50748

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi Access Application to execute a Command Injection on the host device...

9.9CVSS5.8AI score0.00789EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-54400

A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate privileges on the host device...

9.1CVSS5.8AI score0.00257EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-54400

A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate privileges on the host device...

9.1CVSS0.00257EPSS
Exploits0References1
CVE
CVE
added 4 days ago10 views

CVE-2026-50748

CVE-2026-50748 describes an Improp er Input Validation vulnerability in the UniFi Access Application that enables a Command Injection on the host when an attacker with network access and low privileges can exploit it. The CVSS 3.1 vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating...

9.9CVSS5.8AI score0.00789EPSS
Exploits0References1
CVE
CVE
added 4 days ago13 views

CVE-2026-54400

Technical details about CVE-2026-54400 are not publicly available in the provided documents. Monitor for updates from vendors for affected UniFi Access Application components and mitigations.

9.1CVSS5.8AI score0.00257EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-55233

Name of the Vulnerable Software and Affected Versions UniFi Access Application affected versions not specified Description An improper input validation issue allows a malicious actor with network access and low privileges to perform command injection on the host device. Recommendations At the...

9.9CVSS6AI score0.00789EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/27 9:16 p.m.3 views

CVE-2019-25651

Ubiquiti UniFi Network Controller prior to 5.10.12 excluding 5.6.42, UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weakness...

9CVSS5.8AI score0.0008EPSS
Exploits0References3Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2026/01/16 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-52665

A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later. ...

10CVSS5.8AI score0.40972EPSS
In wildExploits0References2
RedhatCVE
RedhatCVE
added 2025/11/01 12:25 a.m.9 views

CVE-2025-52665

A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication. This vulnerability was introduced in Version 3.3.22 and was fixed in Version 4.0.21 and later...

10CVSS6.8AI score0.40972EPSS
Exploits0References1
Rows per page
Query Builder