Search Results (363422 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-11965 2026-07-05 6.5 Medium
The User Registration & Membership WordPress plugin before 5.2.0 does not enforce payment completion before activating a paid membership subscription, allowing unauthenticated users (after self-registering an account through the open registration flow) to obtain an active subscription on any paid plan without paying and access the gated content.
CVE-2026-54407 2026-07-05 8.6 High
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints.
CVE-2026-54403 2026-07-05 8.6 High
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances.
CVE-2026-54409 2026-07-05 7.5 High
A malicious actor with access to the network and under certain conditions could exploit an Improper Initialization vulnerability found in UniFi Protect Application to bypass authentication in UniFi Protect Cameras.
CVE-2026-54408 2026-07-05 8.6 High
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication for data streaming.
CVE-2026-54406 1 Ubiquiti 1 Unifi Network Application 2026-07-05 8.7 High
A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application to escalate write permission on the host device.
CVE-2026-54404 2026-07-05 8.8 High
A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances.
CVE-2026-50746 2026-07-05 10 Critical
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device.
CVE-2026-54402 2026-07-05 9.9 Critical
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device.
CVE-2026-55113 2026-07-05 7.5 High
A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial of Service (DoS) attack and bypass authentication in certain UniFi Talk API endpoints.
CVE-2026-55117 2026-07-05 8.6 High
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host device.
CVE-2026-55115 2026-07-05 9.9 Critical
A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi Protect Application to escalate privileges on the host device.
CVE-2026-56841 2026-07-05 8.8 High
A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device.
CVE-2026-56842 1 Ubiquiti 1 Unifi Network Application 2026-07-05 7.5 High
A malicious actor with access to the network and under certain conditions could exploit an Incorrect Authorization vulnerability found in UniFi Network Application to persist privileges within UniFi Network Application after such access had been removed.
CVE-2026-55119 2026-07-05 8.1 High
A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Talk Application to escalate privileges within the UniFi Talk Application.
CVE-2026-10536 1 Curl 1 Curl 2026-07-05 N/A
A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CURLOPT_STREAM_DEPENDS_E`, subsequently invokes `curl_easy_reset()`, and finally terminates the handle with `curl_easy_cleanup()`. During this final cleanup phase, libcurl attempts to access and modify an internal structure that was already freed during the reset operation.
CVE-2026-11352 1 Curl 1 Curl 2026-07-05 N/A
An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. Because the helper function discards zero-length UDP datagrams before counting them toward the per-call packet budget, a connected QUIC peer can continuously stream empty datagrams to indefinitely stall the client.
CVE-2026-11586 1 Curl 1 Curl 2026-07-05 N/A
By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages.
CVE-2026-8286 1 Curl 1 Curl 2026-07-05 N/A
A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not.
CVE-2026-9079 1 Curl 1 Curl 2026-07-05 N/A
libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them.