CVE-2024-42025
- EPSS 0.25%
- Published 13.09.2024 16:15:04
- Last modified 28.09.2024 18:35:02
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device...
CVE-2023-41721
- EPSS 0.24%
- Published 25.10.2023 18:17:30
- Last modified 21.11.2024 08:21:32
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration informatio...
CVE-2023-32000
- EPSS 0.28%
- Published 08.07.2023 00:15:09
- Last modified 21.11.2024 08:02:30
A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page.
CVE-2023-28365
- EPSS 0.18%
- Published 01.07.2023 00:15:10
- Last modified 12.12.2024 18:54:11
A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.