Lucene search
K

107 matches found

Nuclei
Nuclei
added 5 days ago41 views

UniFi OS Server - Command Injection

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. id: CVE-2026-34910 info: name: UniFi OS Server - Command Injection author: Kazgangap severity: critical description: | A malicious actor...

10CVSS7.2AI score0.78555EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.8 views

Ubiquiti UniFi OS < 5.1.12 Multiple Vulnerabilities

According to its self-reported version, the remote Ubiquiti UniFi OS device is prior to 5.1.12. It is, therefore, affected by multiple vulnerabilities: - A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make...

10CVSS7.3AI score0.78555EPSS
Exploits4References4
NVD
NVD
added 2026/07/02 3:17 p.m.7 views

CVE-2026-55112

A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device...

8.8CVSS0.00198EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 3:17 p.m.7 views

CVE-2026-55116

A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

9.8CVSS0.00229EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 3:17 p.m.8 views

CVE-2026-54404

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances...

8.8CVSS0.00249EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 3:17 p.m.13 views

CVE-2026-55110

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing CORS misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session...

7.5CVSS0.00141EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 3:17 p.m.11 views

CVE-2026-54402

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device...

9.9CVSS0.00872EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 3:17 p.m.6 views

CVE-2026-54401

A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery SSRF to escalate privileges within such UniFi OS devices or instances...

8.8CVSS0.00217EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 3:17 p.m.6 views

CVE-2026-54403

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances...

8.6CVSS0.00457EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:50 p.m.6 views

CVE-2026-55112

A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device...

7.5CVSS5.8AI score0.00198EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:50 p.m.7 views

CVE-2026-55116

A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

9CVSS5.8AI score0.00229EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 2:50 p.m.34 views

CVE-2026-55116

A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices...

9CVSS0.00229EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 2:50 p.m.13 views

CVE-2026-55112

Technical details for CVE-2026-55112 are not publicly available in the provided documents. Monitor for updates.

8.8CVSS5.8AI score0.00198EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/02 2:50 p.m.7 views

EUVD-2026-41396

A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device...

7.5CVSS5.8AI score0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 2:50 p.m.35 views

CVE-2026-55112

A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device...

7.5CVSS0.00198EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 2:49 p.m.13 views

CVE-2026-54402

CVE-2026-54402 describes an Improper Input Validation flaw in UniFi OS enabling a Command Injection on the host when a malicious actor with network access and low privileges interacts with the system. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) yields a base score of 9.9 (CRITICAL),...

9.9CVSS5.8AI score0.00872EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/02 2:49 p.m.17 views

CVE-2026-54401

CVE-2026-54401 describes a Server-Side Request Forgery (SSRF) in UniFi OS devices/instances that an attacker with network access and low privileges could abuse to escalate privileges. The CVSS 3.1 vector is AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N with a base score of 7.7 (HIGH) and high confidentiali...

8.8CVSS5.8AI score0.00217EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:49 p.m.6 views

CVE-2026-54402

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device...

9.9CVSS5.8AI score0.00872EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 2:49 p.m.34 views

CVE-2026-54401

A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery SSRF to escalate privileges within such UniFi OS devices or instances...

7.7CVSS0.00217EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 2:49 p.m.5 views

CVE-2026-54401

A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery SSRF to escalate privileges within such UniFi OS devices or instances...

7.7CVSS5.8AI score0.00217EPSS
Exploits0References2
Rows per page
Query Builder