CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-55118
High

A vulnerability in UniFi Network Application allows privilege escalation by an attacker with network access and low privileges, under certain conditions. The issue stems from improper access control.

CVE-2026-55117
High

A Path Traversal vulnerability in UniFi Access Application allows a malicious actor with network access to access files on the host device.

CVE-2026-55114
High

A vulnerability in UniFi Network Application allows an attacker with network access and low privileges to escalate privileges within the application by exploiting improper access control.

CVE-2026-55113
High

An SSRF vulnerability in UniFi Talk Application allows an attacker with network access to perform a DoS attack and bypass authentication on certain API endpoints.

CVE-2026-55112
High

A vulnerability in UniFi OS with UniFi Protect Application allows privilege escalation on the host device. An attacker with network access and low privileges can exploit improper access control.

CVE-2026-55111
High

A Path Traversal vulnerability in UniFi Protect Floodlight devices allows an attacker with network access to read files on the affected device.

CVE-2026-55110
High

A vulnerability in UniFi OS stems from a misconfigured CORS policy, allowing an attacker to lure an authenticated user to a malicious page and trigger actions in the system using that user's session.

CVE-2026-54409
High

A vulnerability in the UniFi Protect Application allows an attacker with network access, under certain conditions, to bypass authentication in UniFi Protect Cameras due to improper initialization.

CVE-2026-54408
High

A vulnerability in the UniFi Protect Application allows an attacker with network access to bypass authentication for data streaming due to improper access control.

CVE-2026-54407
High

An improper access control vulnerability in UniFi Protect Application allows an attacker with network access to bypass authentication in certain API endpoints.

CVE-2026-54406
High

A Path Traversal vulnerability in self-hosted instances of UniFi Network Application allows an attacker with network access and high privileges to escalate write permissions on the host device.

CVE-2026-54405
High

A vulnerability in UniFi Network Application allows an attacker with network access to execute a Denial of Service (DoS) attack through improper input validation.

CVE-2026-54404
High

An SQL Injection vulnerability in UniFi OS allows an attacker with network access and low privileges to escalate privileges on affected UniFi OS devices or instances.

CVE-2026-54403
High

A Path Traversal vulnerability in devices running UniFi OS allows an attacker with network access to bypass authentication. The flaw affects specific UniFi OS devices or instances.

CVE-2026-54401
High

An SSRF vulnerability in UniFi OS allows an attacker with network access and low privileges to escalate privileges on the device or instance.

CVE-2026-12168
High

An improper validation vulnerability in the `GFAC_Sys_x64.sys` driver of Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted messages sent through a Minifilter communication port.

CVE-2026-12167
High

A vulnerability in the `GFAC_Sys_x64.sys` driver of Little Orbit GFAC allows a local attacker to access privileged driver functions through a Minifilter communication port that lacks proper access restrictions.

CVE-2026-58652
High

A privilege escalation flaw in luci-app-travelmate and the travelmate package allows a session with UCI write ACL to set an arbitrary script and arguments, which the travelmate service executes as root. The UI restriction to /etc/travelmate/*.login is enforced only in the frontend.

CVE-2026-57766
High

The WPIDE – File Manager & Code Editor plugin version 3.5.6 and earlier contains an unauthenticated Cross-Site Request Forgery (CSRF) vulnerability. An attacker can exploit this flaw to perform unauthorized actions in the context of the site administrator.

CVE-2026-57765
High

The WP EasyCart plugin for WordPress versions 5.9.0 and earlier contains a SQL injection vulnerability via the 'contributor' attribute. This allows an attacker to manipulate database queries.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS