CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-55112
High

A vulnerability in UniFi OS with UniFi Protect Application allows privilege escalation on the host device. An attacker with network access and low privileges can exploit improper access control.

CVE-2026-55111
High

A Path Traversal vulnerability in UniFi Protect Floodlight devices allows an attacker with network access to read files on the affected device.

CVE-2026-55110
High

A vulnerability in UniFi OS stems from a misconfigured CORS policy, allowing an attacker to lure an authenticated user to a malicious page and trigger actions in the system using that user's session.

CVE-2026-54409
High

A vulnerability in the UniFi Protect Application allows an attacker with network access, under certain conditions, to bypass authentication in UniFi Protect Cameras due to improper initialization.

CVE-2026-54408
High

A vulnerability in the UniFi Protect Application allows an attacker with network access to bypass authentication for data streaming due to improper access control.

CVE-2026-54407
High

An improper access control vulnerability in UniFi Protect Application allows an attacker with network access to bypass authentication in certain API endpoints.

CVE-2026-54406
High

A Path Traversal vulnerability in self-hosted instances of UniFi Network Application allows an attacker with network access and high privileges to escalate write permissions on the host device.

CVE-2026-54405
High

A vulnerability in UniFi Network Application allows an attacker with network access to execute a Denial of Service (DoS) attack through improper input validation.

CVE-2026-54404
High

An SQL Injection vulnerability in UniFi OS allows an attacker with network access and low privileges to escalate privileges on affected UniFi OS devices or instances.

CVE-2026-54403
High

A Path Traversal vulnerability in devices running UniFi OS allows an attacker with network access to bypass authentication. The flaw affects specific UniFi OS devices or instances.

CVE-2026-54402
Critical

A vulnerability in UniFi OS allows an attacker with network access and low privileges to execute command injection on the host device due to improper input validation.

CVE-2026-54401
High

An SSRF vulnerability in UniFi OS allows an attacker with network access and low privileges to escalate privileges on the device or instance.

CVE-2026-54400
Critical

A vulnerability in UniFi Access Application allows privilege escalation on the host device. An attacker with network access and high privileges can exploit improper access control.

CVE-2026-53358
Unknown

In the Linux kernel, a vulnerability in the Bluetooth L2CAP subsystem was found where improper lock ordering in cleanup_listen() could cause a deadlock. Instead of calling l2cap_chan_close() directly, channels are now closed asynchronously using a timer to avoid lock inversion.

CVE-2026-53357
Unknown

A use-after-free (UAF) vulnerability was discovered in the Linux kernel's Bluetooth stack. The issue occurs in l2cap_sock_cleanup_listen() and l2cap_conn_del() functions, where a race condition during listening socket close and concurrent HCI disconnect leads to a freed child socket being used by the cleanup function. This vulnerability can cause system crashes or potentially privilege escalation.

CVE-2026-50748
Critical

A vulnerability in UniFi Access Application allows an attacker with network access and low privileges to execute command injection on the host device due to improper input validation.

CVE-2026-50747
Critical

An authenticated SQL Injection vulnerability in UniFi Talk Application allows a network-accessible attacker with low privileges to escalate privileges on the host device.

CVE-2026-50746
Critical

A vulnerability in the UniFi Connect application allows an attacker with network access to execute command injection on the host device due to improper access control.

CVE-2026-12168
High

An improper validation vulnerability in the `GFAC_Sys_x64.sys` driver of Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted messages sent through a Minifilter communication port.

CVE-2026-12167
High

The vulnerability in the `GFAC_Sys_x64.sys` driver of Little Orbit GFAC allows a local attacker to access privileged driver functions through a Minifilter communication port that lacks proper access restrictions.

PreviousPage 20 of 4471Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS