Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.8 CRITICAL
CVE-2026-58455 — Dockwatch 0.6.567 Unauthenticated OS Command Injection via ajax/compose.php

Dockwatch through 0.6.567 contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands by exploiting a missing exit() after an authe…

Remote | Injection
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
10.0 CRITICAL
CVE-2026-56004 — obs-service-tar_scm: command injection via mercurial handler

A shellcode injection in the mercurial handler of the obs tar_scm source service before version 0.12.4 could be used by attackers able to provide a _service file to execute code as the source service…

Remote | Injection
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.1 HIGH
CVE-2026-55119 — UniFi Talk Application Improper Access Control Privilege Escalation

A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Talk Application to escalate privileges within the UniFi Talk App…

Remote | Authorization
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.8 HIGH

A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Netwo…

unifi_network_application | Remote | Authorization
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.5 HIGH
CVE-2026-56842 — UniFi Network Application Incorrect Authorization Privilege Escalation

A malicious actor with access to the network and under certain conditions could exploit an Incorrect Authorization vulnerability found in UniFi Network Application to persist privileges within UniFi …

unifi_network_application | Remote | Authorization
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
9.0 CRITICAL
CVE-2026-55116 — UniFi OS Improper Access Control Vulnerability

A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthor…

Remote | Authorization
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.8 HIGH
CVE-2026-56841 — UniFi Protect SQL Injection Privilege Escalation

A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device.

unifi_protect | Remote | Injection
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
9.9 CRITICAL
CVE-2026-55115 — UniFi Protect Application SSRF Privilege Escalation

A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi Protect Application to escalate privileges on the host device.

unifi_protect | Remote | Server-Side Request Forgery
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.3 HIGH
CVE-2026-55118 — UniFi Network Application Improper Access Control Privilege Escalation

A malicious actor with access to the network,low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileg…

unifi_network_application | Remote | Authorization
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.5 HIGH
CVE-2026-55112 — UniFi OS / UniFi Protect Improper Access Control Privilege Escalation

A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to…

Remote | Authorization
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.6 HIGH
CVE-2026-55117 — UniFi Access Application Path Traversal

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host device.

unifi_access | Remote | Path Traversal
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.5 HIGH
CVE-2026-55113 — UniFi Talk SSRF Vulnerability Leads to Denial of Service and Authentication Bypass

A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial of Service (DoS) attack and bypass au…

Remote | Server-Side Request Forgery
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.5 HIGH
CVE-2026-55111 — Ubiquiti UniFi Protect Floodlight Path Traversal

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight devices to access files on the UniFi Protect Floodlight.

Remote | Path Traversal
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.7 HIGH
CVE-2026-54401 — UniFi OS SSRF Privilege Escalation

A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges within such UniFi OS devices or instances.

unifi_os_server | Remote | Server-Side Request Forgery
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
9.9 CRITICAL
CVE-2026-54402 — UniFi OS Command Injection

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device.

unifi_os_server | Remote | Injection
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
9.9 CRITICAL
CVE-2026-50747 — UniFi Talk SQL Injection Privilege Escalation

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the hos…

Remote | Injection
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
10.0 CRITICAL
CVE-2026-50746 — UniFi Connect Improper Access Control Command Injection

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Connect Application to execute a Command Injection on the host device.

Remote | Injection
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
7.5 HIGH
CVE-2026-55110 — UniFi OS CORS Misconfiguration Vulnerability

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that…

unifi_os_server | Remote | Misconfiguration
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
8.8 HIGH
CVE-2026-54404 — UniFi OS Authenticated SQL Injection Privilege Escalation

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS dev…

unifi_os_server | Remote | Injection
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
9.1 CRITICAL
CVE-2026-54400 — UniFi Access Application Improper Access Control Privilege Escalation

A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate privileges on the host device.

unifi_access | Remote | Authorization
Jul 02, 2026 Jul 02, 2026
Jul 02, 2026
Jul 02, 2026
Showing 20 of 7990 Results