Search Results (48 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-54406 1 Ubiquiti 1 Unifi Network Application 2026-07-16 8.7 High
A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application to escalate write permission on the host device.
CVE-2026-56842 1 Ubiquiti 1 Unifi Network Application 2026-07-16 7.5 High
A malicious actor with access to the network and under certain conditions could exploit an Incorrect Authorization vulnerability found in UniFi Network Application to persist privileges within UniFi Network Application after such access had been removed.
CVE-2026-55111 1 Ubiquiti 1 Unifi Protect Floodlight 2026-07-15 7.5 High
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight devices to access files on the UniFi Protect Floodlight.
CVE-2026-54405 1 Ubiquiti 1 Unifi Network Application 2026-07-15 7.5 High
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi Network Application to execute a Denial of Service (DoS) attack on the application.
CVE-2026-55118 1 Ubiquiti 1 Unifi Network Application 2026-07-15 8.3 High
A malicious actor with access to the network,low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application.
CVE-2026-55114 1 Ubiquiti 1 Unifi Network Application 2026-07-15 8.8 High
A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application.
CVE-2019-25652 2 Ubiquiti, Ui 2 Unifi Network Controller, Unifi Network Controller 2026-07-15 7.5 High
UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attackers can intercept SMTP traffic and obtain credentials by exploiting the insecure SSL host verification mechanism in the SMTP certificate validation process.
CVE-2019-25651 2 Ubiquiti, Ui 6 Unifi Uap-ac Firmware, Unifi Uap Firmware, Unifi Usg Firmware and 3 more 2026-07-15 8.3 High
Ubiquiti UniFi Network Controller prior to 5.10.12 (excluding 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weaknesses that allow attackers to recover encryption keys from captured traffic. Attackers with adjacent network access can capture sufficient encrypted traffic and exploit AES-CBC mode vulnerabilities to derive the encryption keys, enabling unauthorized control and management of network devices.
CVE-2023-2378 2 Ubiquiti, Ui 5 Edgerouter X, Er-x, Er-x-sfp and 2 more 2026-07-09 7.2 High
A flaw has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown function of the component Web Management Interface. This manipulation of the argument suffix-rate-up causes command injection. The attack may be initiated remotely. The exploit has been published and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor position is that post-authentication issues are not accepted as vulnerabilities.
CVE-2023-2377 2 Ubiquiti, Ui 5 Edgerouter X, Er-x, Er-x-sfp and 2 more 2026-07-09 7.2 High
A vulnerability was detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. The impacted element is an unknown function of the component Web Management Interface. The manipulation of the argument Name results in command injection. The attack can be launched remotely. The exploit is now public and may be used. There is ongoing doubt regarding the real existence of this vulnerability. The vendor position is that post-authentication issues are not accepted as vulnerabilities.
CVE-2023-2376 2 Ubiquiti, Ui 5 Edgerouter X, Er-x, Er-x-sfp and 2 more 2026-07-09 7.2 High
A security vulnerability has been detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. The affected element is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. There are still doubts about whether this vulnerability truly exists. The vendor position is that post-authentication issues are not accepted as vulnerabilities.
CVE-2023-2375 2 Ubiquiti, Ui 5 Edgerouter X, Er-x, Er-x-sfp and 2 more 2026-07-09 7.2 High
A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Impacted is an unknown function of the component Web Management Interface. Executing a manipulation of the argument src can lead to command injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The presence of this vulnerability remains uncertain at this time. The vendor position is that post-authentication issues are not accepted as vulnerabilities.
CVE-2023-2374 2 Ubiquiti, Ui 5 Edgerouter X, Er-x, Er-x-sfp and 2 more 2026-07-09 7.2 High
A security flaw has been discovered in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This issue affects some unknown processing of the component Web Management Interface. Performing a manipulation of the argument ecn-down results in command injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. The existence of this vulnerability is still disputed at present. The vendor position is that post-authentication issues are not accepted as vulnerabilities.
CVE-2023-2373 2 Ubiquiti, Ui 4 Edgerouter X, Edgemax Edgerouter Firmware, Er-x and 1 more 2026-07-09 7.2 High
A vulnerability was identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This vulnerability affects unknown code of the component Web Management Interface. Such manipulation of the argument ecn-up leads to command injection. The attack may be performed from remote. The exploit is publicly available and might be used. The actual existence of this vulnerability is currently in question. The vendor position is that post-authentication issues are not accepted as vulnerabilities.
CVE-2026-34908 1 Ubiquiti 31 Efg, Envr, Envr-core and 28 more 2026-06-24 10 Critical
A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
CVE-2026-34910 1 Ubiquiti 31 Efg, Envr, Envr-core and 28 more 2026-06-24 10 Critical
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
CVE-2026-22557 1 Ubiquiti 1 Unifi Network Application 2026-06-24 10 Critical
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in the UniFi Network Application to access files on the underlying system that could be manipulated to access an underlying account.
CVE-2026-34909 1 Ubiquiti 31 Efg, Envr, Envr-core and 28 more 2026-06-24 10 Critical
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.
CVE-2026-33000 1 Ubiquiti 1 Unifi Os 2026-06-18 9.1 Critical
A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
CVE-2026-47367 1 Ubiquiti 1 Uid Enterprise Agent 2026-06-12 9.9 Critical
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host device.