372120 matches found
CVE-2026-55116
CVE-2026-55116 affects UniFi OS devices. The issue is an Improper Access Control vulnerability that could allow a network-attached attacker, under certain configurations, to make unauthorized changes to UniFi OS devices. The CVSS 3.1 vector indicates Network access, High attack complexity, No pri...
CVE-2026-55111
The CVE-2026-55111 affects UniFi Protect Floodlight devices and describes a Path Traversal vulnerability that could allow an attacker with network access to access files on the Floodlight device, impacting confidentiality. The available documents do not specify the exact vulnerable component/vers...
CVE-2026-54401
CVE-2026-54401 describes a Server-Side Request Forgery (SSRF) in UniFi OS devices/instances that an attacker with network access and low privileges could abuse to escalate privileges. The CVSS 3.1 vector is AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N with a base score of 7.7 (HIGH) and high confidentiali...
CVE-2026-54402
CVE-2026-54402 describes an Improper Input Validation flaw in UniFi OS enabling a Command Injection on the host when a malicious actor with network access and low privileges interacts with the system. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) yields a base score of 9.9 (CRITICAL),...
CVE-2026-50747
The CVE-2026-50747 entry concerns the UniFi Talk Application. It describes an authenticated SQL Injection vulnerability that could be leveraged by an attacker with network access and low privileges to escalate privileges on the host device. The issue is characterized as high-severity (CVSS v3.1 b...
CVE-2026-54407
The CVE-2026-54407 entry concerns UniFi Protect Application with an Improper Access Control flaw that allows bypassing authentication on certain API endpoints. The vulnerability enables an unauthenticated or improperly authenticated actor with network access to interact with protected UniFi Prote...
CVE-2026-54405
CVE-2026-54405 affects UniFi Network Application. The root cause is an improper input validation issue that could allow a network-access attacker to cause a Denial of Service on the application. Impact: availability loss (CVSSv3.1 base score 7.5, HIGH). Exploitation details are not provided in th...
CVE-2026-54409
Summary of CVE-2026-54409 : A network-accessible vulnerability in the UniFi Protect Application, described as an Improper Initialization flaw, could allow a attacker to bypass authentication on UniFi Protect Cameras under certain conditions. Affected components are the UniFi Protect Application a...
CVE-2026-50748
CVE-2026-50748 describes an Improp er Input Validation vulnerability in the UniFi Access Application that enables a Command Injection on the host when an attacker with network access and low privileges can exploit it. The CVSS 3.1 vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating...
CVE-2026-54404
UniFi OS is affected by CVE-2026-54404, which describes a series of authenticated SQL Injection vulnerabilities that allow a user with network access and low privileges to escalate privileges within UniFi OS devices or instances. The available sources confirm the issue and provide a CVSSv3.1 base...
CVE-2026-54403
The CVE-2026-54403 entry concerns a Path Traversal vulnerability in UniFi OS devices. The issue allows an attacker with network access to bypass authentication on affected UniFi OS devices/instances by exploiting path traversal. The provided sources describe the vulnerability but do not specify a...
CVE-2026-54400
Technical details about CVE-2026-54400 are not publicly available in the provided documents. Monitor for updates from vendors for affected UniFi Access Application components and mitigations.
CVE-2026-54406
CVE-2026-54406 : A Path Traversal vulnerability affects self-hosted instances of UniFi Network Application. The issue allows a malicious actor with network access and high privileges to escalate write permissions on the host device. Affected component: path traversal in the application’s handling...
CVE-2026-50746
CVE-2026-50746 describes an "Improper Access Control" vulnerability in UniFi Connect Application that could allow a malicious actor with network access to perform a Command Injection on the host device. The publicly provided descriptions indicate the issue enables remote command execution with no...
CVE-2026-55110
Summary: CVE-2026-55110 describes a CORS misconfiguration in UniFi OS that could allow a malicious page to trigger actions in UniFi OS using an authenticated user’s session after the user visits a malicious page. Affected software/component: UniFi OS (CORS configuration issue). Root cause: CORS m...
CVE-2026-54408
The CVE-2026-54408 entry concerns UniFi Protect Application with an Improper Access Control flaw that could allow a network-connected attacker to bypass authentication for data streaming. Connected advisories note multiple UniFi products (including UniFi Protect) with related vulnerabilities (e.g...
CVE-2026-12168
The CVE-2026-12168 entry concerns the Little Orbit GFAC product, specifically the GFAC_Sys_x64.sys driver. The vulnerability is described as an improper validation in the Minifilter communication port handling, allowing a local attacker to escalate privileges to SYSTEM and execute arbitrary kerne...
CVE-2026-12166
CVE-2026-12166 concerns a NULL pointer dereference in the Little Orbit GFAC driver GFAC_Sys_x64.sys that allows a local attacker to crash the system (DoS) via crafted requests. Related entries for the same GFAC driver describe additional local‑privilege/privilege‑escalation vectors: CVE-2026-1216...
CVE-2026-12167
The CVE-2026-12167 issue affects Little Orbit GFAC: the Minifilter communication port for driver GFAC_Sys_x64.sys exposes a interface with inadequate access controls. This local flaw lets an attacker access privileged driver functionality, potentially enabling kernel-mode actions. Some sources al...
CVE-2026-8079
Progress Flowmon is affected in versions prior to 12.5.9 and 13.0.11, where an authenticated low-privileged user can craft a PDF-generation request that causes operations to run with another user’s privileges, potentially exposing sensitive data and enabling unintended configuration changes. The ...