Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

NVD
NVDadded 2023/05/11 10:15 p.m.11 views

CVE-2023-28361

A Cross-site WebSocket Hijacking CSWSH vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage.Affected Products:Cloud Key Gen2Cloud Key Gen2 PlusUNVRUNVR ProfessionalUDMUDM...

6.5CVSS6.3AI score0.0016EPSS
Exploits0References1
OSV
OSVadded 2020/11/05 7:15 p.m.0 views

CVE-2020-8267

A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token.This vulnerability was fixed in UniFi Protect...

5.3CVSS6AI score
Exploits0References3
NVD
NVDadded 2020/11/05 7:15 p.m.14 views

CVE-2020-8267

A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token.This vulnerability was fixed in UniFi Protect...

5.3CVSS5.4AI score0.00278EPSS
Exploits0References3
Prion
Prionadded 2020/11/05 7:15 p.m.21 views

Security feature bypass

A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token.This vulnerability was fixed in UniFi Protect...

5CVSS5.4AI score0.00278EPSS
Exploits0References3Affected Software1
CVE
CVEadded 2020/11/05 6:28 p.m.39 views

CVE-2020-8267

CVE-2020-8267 affects UniFi Protect controller up to v1.14.10. The root cause is improper use of the access token in the controller API, allowing attackers to send authenticated messages without a valid token. The issue is fixed in UniFi Protect v1.14.11 and newer. Impact notes: it does not affec...

5.3CVSS5.3AI score0.00278EPSS
Exploits0References3Affected Software1
CVE
CVEadded 2020/07/02 6:35 p.m.65 views

CVE-2020-8188

CVE-2020-8188 relates to UniFi Protect firmware. Multiple sources confirm a privilege-escalation issue where “view only” users could run certain custom commands to assign themselves unauthorized roles, leading to elevated privileges. The vulnerability affects Protect firmware v1.13.2 and v1.14.9 ...

8.8CVSS9.1AI score0.00944EPSS
Exploits0References3Affected Software1
Hacker One
Hacker Oneadded 2020/03/21 2:54 a.m.18 views

Ubiquiti Inc.: View Only to Root Privilege Escalation on UniFi Protect

UniFi Protect v1.13.2 and prior containing vulnerabilities allowing users to run certain custom commands that can be used to assign themselves unauthorized roles, escalating their privileges. These vulnerabilities were found on UniFi Protect v1.13.2 and prior versions for Cloud Key Gen2 plus. The...

2.4AI score
Exploits0
Rows per page
Query Builder