Search Results (41 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-55114 1 Ubiquiti 1 Unifi Network Application 2026-07-02 8.8 High
A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application.
CVE-2026-55118 1 Ubiquiti 1 Unifi Network Application 2026-07-02 8.3 High
A malicious actor with access to the network,low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application.
CVE-2026-56842 1 Ubiquiti 1 Unifi Network Application 2026-07-02 7.5 High
A malicious actor with access to the network and under certain conditions could exploit an Incorrect Authorization vulnerability found in UniFi Network Application to persist privileges within UniFi Network Application after such access had been removed.
CVE-2026-54405 1 Ubiquiti 1 Unifi Network Application 2026-07-02 7.5 High
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi Network Application to execute a Denial of Service (DoS) attack on the application.
CVE-2026-54406 1 Ubiquiti 1 Unifi Network Application 2026-07-02 8.7 High
A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application to escalate write permission on the host device.
CVE-2026-34908 1 Ubiquiti 31 Efg, Envr, Envr-core and 28 more 2026-06-24 10 Critical
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
CVE-2026-34910 1 Ubiquiti 31 Efg, Envr, Envr-core and 28 more 2026-06-24 10 Critical
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
CVE-2026-22557 1 Ubiquiti 1 Unifi Network Application 2026-06-24 10 Critical
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.
CVE-2026-34909 1 Ubiquiti 31 Efg, Envr, Envr-core and 28 more 2026-06-24 10 Critical
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.
CVE-2026-33000 1 Ubiquiti 1 Unifi Os 2026-06-18 9.1 Critical
A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
CVE-2026-47367 1 Ubiquiti 1 Uid Enterprise Agent 2026-06-12 9.9 Critical
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device.
CVE-2026-47368 1 Ubiquiti 31 Efg, Envr, Envr-core and 28 more 2026-06-12 8.6 High
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances.
CVE-2026-47369 1 Ubiquiti 32 Efg, Envr, Envr-core and 29 more 2026-06-12 9.9 Critical
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such UniFi OS devices or instances.
CVE-2026-47370 1 Ubiquiti 31 Efg, Envr, Envr-core and 28 more 2026-06-12 9.9 Critical
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection within such UniFi OS devices or instances.
CVE-2026-48610 1 Ubiquiti 15 Efg, Express 7, Ucg-fiber and 12 more 2026-06-12 8.1 High
Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.
CVE-2026-34911 1 Ubiquiti 31 Efg, Envr, Envr-core and 28 more 2026-05-22 7.7 High
A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to obtain sensitive information.
CVE-2019-25652 1 Ubiquiti 1 Unifi Network Controller 2026-05-12 7.5 High
UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attackers can intercept SMTP traffic and obtain credentials by exploiting the insecure SSL host verification mechanism in the SMTP certificate validation process.
CVE-2019-25651 1 Ubiquiti 4 Unifi Uap-ac Firmware, Unifi Uap Firmware, Unifi Usg Firmware and 1 more 2026-05-12 8.3 High
Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weaknesses that allow attackers to recover encryption keys from captured traffic. Attackers with adjacent network access can capture sufficient encrypted traffic and exploit AES-CBC mode vulnerabilities to derive the encryption keys, enabling unauthorized control and management of network devices.
CVE-2026-21634 2 Ubiquiti, Ui 2 Protect Application, Unifi Protect 2026-04-18 6.5 Medium
A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol causing it to restart. Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later.
CVE-2026-21633 2 Ubiquiti, Ui 2 Protect Application, Unifi Protect 2026-04-18 8.8 High
A malicious actor with access to the adjacent network could obtain unauthorized access to a UniFi Protect Camera by exploiting a discovery protocol vulnerability in the Unifi Protect Application (Version 6.1.79 and earlier). Affected Products: UniFi Protect Application (Version 6.1.79 and earlier). Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later.