CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-44941
High

A relative path traversal vulnerability in the "keyhint" option during repomd.xml parsing in libzypp before version 17.38.12. Attackers able to supply a malicious repository can inject or overwrite files on the target system as root.

CVE-2026-9272
High

In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability allows an authenticated attacker with low privileges to send specially crafted requests, potentially leading to unauthorized access to application data and its modification.

CVE-2026-8079
High

In Progress Flowmon versions prior to 12.5.9 and 13.0.11, an authenticated low-privileged user may craft a request during PDF generation, resulting in operations performed with another user's privileges. This could lead to unauthorized access to sensitive data and unintended system configuration changes.

CVE-2026-56842
High

An Incorrect Authorization vulnerability in UniFi Network Application allows a malicious actor with network access to persist privileges after such access has been removed, under certain conditions.

CVE-2026-56841
High

An authenticated SQL Injection vulnerability in UniFi Protect Application allows an attacker with network access and low privileges to escalate privileges on the host device by injecting malicious SQL code.

CVE-2026-56004
Critical

A shellcode injection vulnerability in the Mercurial handler of the obs tar_scm source service before version 0.12.4 allows attackers with a malicious _service file to execute code as the source service or the local user.

CVE-2026-55119
High

A vulnerability in the UniFi Talk Application allows an attacker with network access and low privileges to escalate privileges through improper access control.

CVE-2026-55118
High

A vulnerability in UniFi Network Application allows privilege escalation by an attacker with network access and low privileges, under certain conditions. The issue stems from improper access control.

CVE-2026-55117
High

A Path Traversal vulnerability in UniFi Access Application allows a malicious actor with network access to access files on the host device.

CVE-2026-55116
Critical

A vulnerability in UniFi OS allows unauthorized changes to devices by an attacker with network access under certain network configurations. The flaw is due to improper access control.

CVE-2026-55115
Critical

An SSRF vulnerability in UniFi Protect Application allows an attacker with network access and low privileges to escalate privileges on the host device.

CVE-2026-55114
High

A vulnerability in UniFi Network Application allows an attacker with network access and low privileges to escalate privileges within the application by exploiting improper access control.

CVE-2026-55113
High

An SSRF vulnerability in UniFi Talk Application allows an attacker with network access to perform a DoS attack and bypass authentication on certain API endpoints.

CVE-2026-55112
High

A vulnerability in UniFi OS with UniFi Protect Application allows privilege escalation on the host device. An attacker with network access and low privileges can exploit improper access control.

CVE-2026-55111
High

A Path Traversal vulnerability in UniFi Protect Floodlight devices allows an attacker with network access to read files on the affected device.

CVE-2026-55110
High

A vulnerability in UniFi OS stems from a misconfigured CORS policy, allowing an attacker to lure an authenticated user to a malicious page and trigger actions in the system using that user's session.

CVE-2026-54409
High

A vulnerability in the UniFi Protect Application allows an attacker with network access, under certain conditions, to bypass authentication in UniFi Protect Cameras due to improper initialization.

CVE-2026-54408
High

A vulnerability in the UniFi Protect Application allows an attacker with network access to bypass authentication for data streaming due to improper access control.

CVE-2026-54407
High

An improper access control vulnerability in UniFi Protect Application allows an attacker with network access to bypass authentication in certain API endpoints.

CVE-2026-54406
High

A Path Traversal vulnerability in self-hosted instances of UniFi Network Application allows an attacker with network access and high privileges to escalate write permissions on the host device.

PreviousPage 16 of 4456Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS