|
391
|
8.6 |
HIGH
Network
|
-
|
-
|
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances.
New
|
CWE-22
Path Traversal
|
CVE-2026-47368
|
2026-06-13 01:10 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
392
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such U…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-47369
|
2026-06-13 01:10 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
393
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection withi…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-47370
|
2026-06-13 01:10 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
394
|
8.1 |
HIGH
Network
|
-
|
-
|
Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized ch…
New
|
CWE-284
Improper Access Control
|
CVE-2026-48610
|
2026-06-13 01:10 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
395
|
5.4 |
MEDIUM
Network
|
microsoft
|
sharepoint_server
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-45467
|
2026-06-13 01:09 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
396
|
5.4 |
MEDIUM
Network
|
microsoft
|
sharepoint_server
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-45481
|
2026-06-13 01:08 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
397
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CL…
New
|
CWE-88
Argument Injection
|
CVE-2026-47365
|
2026-06-13 01:08 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
398
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store'…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-53787
|
2026-06-13 01:07 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
399
|
7.2 |
HIGH
Network
|
-
|
-
|
Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level auth…
New
|
CWE-284
Improper Access Control
|
CVE-2026-47366
|
2026-06-13 01:07 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
400
|
7.7 |
HIGH
Local
|
-
|
-
|
Brickcom cameras
ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds.
New
|
CWE-1392
Use of Default Credentials
|
CVE-2026-50005
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
