Lucene search
K

368643 matches found

CVE
CVE
added 4 days ago10 views

CVE-2026-50748

CVE-2026-50748 describes an Improp er Input Validation vulnerability in the UniFi Access Application that enables a Command Injection on the host when an attacker with network access and low privileges can exploit it. The CVSS 3.1 vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating...

9.9CVSS5.8AI score0.00789EPSS
Exploits0References1
CVE
CVE
added 4 days ago10 views

CVE-2026-54409

Summary of CVE-2026-54409 : A network-accessible vulnerability in the UniFi Protect Application, described as an Improper Initialization flaw, could allow a attacker to bypass authentication on UniFi Protect Cameras under certain conditions. Affected components are the UniFi Protect Application a...

7.5CVSS5.8AI score0.00237EPSS
Exploits0References1
CVE
CVE
added 4 days ago9 views

CVE-2026-54403

The CVE-2026-54403 entry concerns a Path Traversal vulnerability in UniFi OS devices. The issue allows an attacker with network access to bypass authentication on affected UniFi OS devices/instances by exploiting path traversal. The provided sources describe the vulnerability but do not specify a...

8.6CVSS5.8AI score0.00481EPSS
Exploits0References1
CVE
CVE
added 4 days ago12 views

CVE-2026-54404

UniFi OS is affected by CVE-2026-54404, which describes a series of authenticated SQL Injection vulnerabilities that allow a user with network access and low privileges to escalate privileges within UniFi OS devices or instances. The available sources confirm the issue and provide a CVSSv3.1 base...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References1
CVE
CVE
added 4 days ago10 views

CVE-2026-54407

The CVE-2026-54407 entry concerns UniFi Protect Application with an Improper Access Control flaw that allows bypassing authentication on certain API endpoints. The vulnerability enables an unauthenticated or improperly authenticated actor with network access to interact with protected UniFi Prote...

8.6CVSS5.8AI score0.00306EPSS
Exploits0References1
CVE
CVE
added 4 days ago11 views

CVE-2026-54405

CVE-2026-54405 affects UniFi Network Application. The root cause is an improper input validation issue that could allow a network-access attacker to cause a Denial of Service on the application. Impact: availability loss (CVSSv3.1 base score 7.5, HIGH). Exploitation details are not provided in th...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References1Affected Software1
CVE
CVE
added 4 days ago18 views

CVE-2026-50746

CVE-2026-50746 describes an "Improper Access Control" vulnerability in UniFi Connect Application that could allow a malicious actor with network access to perform a Command Injection on the host device. The publicly provided descriptions indicate the issue enables remote command execution with no...

10CVSS5.8AI score0.00826EPSS
Exploits0References1
CVE
CVE
added 4 days ago13 views

CVE-2026-54400

Technical details about CVE-2026-54400 are not publicly available in the provided documents. Monitor for updates from vendors for affected UniFi Access Application components and mitigations.

9.1CVSS5.8AI score0.00257EPSS
Exploits0References1
CVE
CVE
added 4 days ago16 views

CVE-2026-54406

CVE-2026-54406 : A Path Traversal vulnerability affects self-hosted instances of UniFi Network Application. The issue allows a malicious actor with network access and high privileges to escalate write permissions on the host device. Affected component: path traversal in the application’s handling...

8.7CVSS5.8AI score0.00325EPSS
Exploits0References1
CVE
CVE
added 4 days ago16 views

CVE-2026-54408

CVE-2026-54408 affects the UniFi Protect Application. Description indicates an Improper Access Control vulnerability that could allow a malicious actor with network access to bypass authentication for data streaming. The shared sources (NVD, CVE records) do not provide concrete technical specific...

8.6CVSS5.8AI score0.00273EPSS
Exploits0References1
CVE
CVE
added 4 days ago7 views

CVE-2026-12168

The CVE-2026-12168 entry concerns the Little Orbit GFAC product, specifically the GFAC_Sys_x64.sys driver. The vulnerability is described as an improper validation in the Minifilter communication port handling, allowing a local attacker to escalate privileges to SYSTEM and execute arbitrary kerne...

7.8CVSS6.1AI score0.0013EPSS
Exploits0References3
CVE
CVE
added 4 days ago8 views

CVE-2026-12166

CVE-2026-12166 concerns a NULL pointer dereference in the Little Orbit GFAC driver GFAC_Sys_x64.sys that allows a local attacker to crash the system (DoS) via crafted requests. Related entries for the same GFAC driver describe additional local‑privilege/privilege‑escalation vectors: CVE-2026-1216...

5.5CVSS5.8AI score0.00169EPSS
Exploits0References3
CVE
CVE
added 4 days ago8 views

CVE-2026-12167

The CVE-2026-12167 issue affects Little Orbit GFAC: the Minifilter communication port for driver GFAC_Sys_x64.sys exposes a interface with inadequate access controls. This local flaw lets an attacker access privileged driver functionality, potentially enabling kernel-mode actions. Some sources al...

7.8CVSS5.8AI score0.0011EPSS
Exploits0References3
CVE
CVE
added 4 days ago8 views

CVE-2026-8079

Progress Flowmon is affected in versions prior to 12.5.9 and 13.0.11, where an authenticated low-privileged user can craft a PDF-generation request that causes operations to run with another user’s privileges, potentially exposing sensitive data and enabling unintended configuration changes. The ...

8.7CVSS5.8AI score0.00207EPSS
Exploits0References1
CVE
CVE
added 4 days ago10 views

CVE-2026-9272

CVE-2026-9272 affects Progress Flowmon ADS prior to 12.5.6 and 13.0.5. An adversary authenticated as a low-privileged ADS user can send specially crafted requests that lead to unauthorized access to and modification of application data. The CVE’s metrics indicate HIGH impact on confidentiality, i...

8.7CVSS5.8AI score0.00234EPSS
Exploits0References1
CVE
CVE
added 4 days ago7 views

CVE-2026-54764

Technical details for CVE-2026-54764 are not publicly available in the provided documents. Monitor for updates as the entry is reserved and no exposed vulnerability information is present.

Exploits0References2
CVE
CVE
added 4 days ago6 views

CVE-2026-54765

Technical details for CVE-2026-54765 are not publicly available in the provided documents. Monitor for updates; no affected products, vectors, or remediation can be stated from the available data.

Exploits0References2
CVE
CVE
added 4 days ago11 views

CVE-2026-54763

Technical details for CVE-2026-54763 are not publicly available in the provided documents. No affected products, root cause, or remediation are specified. Monitor for updates as information becomes available.

Exploits0References2
CVE
CVE
added 4 days ago6 views

CVE-2026-45045

GoFiber vulnerability (BalancerForward) : The GoFiber proxy helper uses Header.Add("X-Real-IP", c.IP()) instead of Header.Set(), causing the attacker-supplied IP to be combined with the real client IP. Upstream servers that read the first X-Real-IP value can log, rate-limit, or gate access using ...

Exploits0References4
CVE
CVE
added 4 days ago13 views

CVE-2026-44332

Summary: GoFiber’s BasicAuth default Authorizer short-circuits on unknown usernames, causing a timing oracle that leaks username existence. The vulnerability arises because verifiers are only invoked for known users; for unknown users, authentication returns false immediately, creating a ~100ms v...

Exploits0References4
Rows per page
Query Builder