|
601
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host devic…
|
CWE-20
Improper Input Validation
|
CVE-2026-47367
|
2026-06-13 01:10 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
602
|
8.6 |
HIGH
Network
|
-
|
-
|
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances.
|
CWE-22
Path Traversal
|
CVE-2026-47368
|
2026-06-13 01:10 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
603
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such U…
|
CWE-20
Improper Input Validation
|
CVE-2026-47369
|
2026-06-13 01:10 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
604
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection withi…
|
CWE-20
Improper Input Validation
|
CVE-2026-47370
|
2026-06-13 01:10 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
605
|
8.1 |
HIGH
Network
|
-
|
-
|
Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized ch…
|
CWE-284
Improper Access Control
|
CVE-2026-48610
|
2026-06-13 01:10 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
606
|
5.4 |
MEDIUM
Network
|
microsoft
|
sharepoint_server
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
|
CWE-79
Cross-site Scripting
|
CVE-2026-45467
|
2026-06-13 01:09 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
607
|
5.4 |
MEDIUM
Network
|
microsoft
|
sharepoint_server
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
|
CWE-79
Cross-site Scripting
|
CVE-2026-45481
|
2026-06-13 01:08 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
608
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CL…
|
CWE-88
Argument Injection
|
CVE-2026-47365
|
2026-06-13 01:08 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
609
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store'…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-53787
|
2026-06-13 01:07 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
610
|
7.2 |
HIGH
Network
|
-
|
-
|
Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level auth…
|
CWE-284
Improper Access Control
|
CVE-2026-47366
|
2026-06-13 01:07 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
