Total CVEs

143,749

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,527
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,921 - 1,940 of 40,154 CVEs
CVE-2026-55117 HIGH - 8.6

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host device.

Vendor: Ubiquiti Inc
Product: UniFi Access Application
Published: Jul 02, 2026
Source: NVD
CVE-2026-55116 CRITICAL - 9.0

A malicious actor with access to the network and under certain network configurations could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized changes to such UniFi OS devices.

Vendor: Ubiquiti Inc
Product: Dream Machines, Enterprise Fortress Gateway, Dream Wall, Dream Routers, Express 7, Cloud Gateways, Enterprise Firewall Core
Published: Jul 02, 2026
Source: NVD
CVE-2026-55115 CRITICAL - 9.9

A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi Protect Application to escalate privileges on the host device.

Vendor: Ubiquiti Inc
Product: UniFi Protect Application
Published: Jul 02, 2026
Source: NVD
CVE-2026-55114 HIGH - 8.8

A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application.

Vendor: Ubiquiti Inc
Product: UniFi Network Application
Published: Jul 02, 2026
Source: NVD
CVE-2026-55113 HIGH - 7.5

A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial of Service (DoS) attack and bypass authentication in certain UniFi Talk API endpoints.

Vendor: Ubiquiti Inc
Product: UniFi Talk Application
Published: Jul 02, 2026
Source: NVD
CVE-2026-55112 HIGH - 7.5

A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device.

Vendor: Ubiquiti Inc
Product: Dream Machines, Dream Wall, Dream Routers, Cloud Keys, Network Video Recorders, Enterprise Video Recorders, Cloud Gateways
Published: Jul 02, 2026
Source: NVD
CVE-2026-55111 HIGH - 7.5

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Protect Floodlight devices to access files on the UniFi Protect Floodlight.

Vendor: Ubiquiti Inc
Product: UniFi Protect Floodlight
Published: Jul 02, 2026
Source: NVD
CVE-2026-55110 HIGH - 7.5

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing (CORS) misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session.

Vendor: Ubiquiti Inc
Product: UniFi OS Server, Dream Machines, Enterprise Fortress Gateway, Dream Wall, Dream Routers, Express 7, Cloud Keys, Network Video Recorders, Enterprise Video Recorders, Cloud Gateways, Network Attached Storage, Enterprise Firewall Core
Published: Jul 02, 2026
Source: NVD
CVE-2026-54409 HIGH - 7.5

A malicious actor with access to the network and under certain conditions could exploit an Improper Initialization vulnerability found in UniFi Protect Application to bypass authentication in UniFi Protect Cameras.

Vendor: Ubiquiti Inc
Product: UniFi Protect Application
Published: Jul 02, 2026
Source: NVD
CVE-2026-54408 HIGH - 8.6

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication for data streaming.

Vendor: Ubiquiti Inc
Product: UniFi Protect Application
Published: Jul 02, 2026
Source: NVD
CVE-2026-54407 HIGH - 8.6

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints.

Vendor: Ubiquiti Inc
Product: UniFi Protect Application
Published: Jul 02, 2026
Source: NVD
CVE-2026-54406 HIGH - 8.7

A malicious actor with access to the network and high privileges could exploit a Path Traversal vulnerability found in self-hosted instances of UniFi Network Application to escalate write permission on the host device.

Vendor: Ubiquiti Inc
Product: UniFi Network Application
Published: Jul 02, 2026
Source: NVD
CVE-2026-54405 HIGH - 7.5

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi Network Application to execute a Denial of Service (DoS) attack on the application.

Vendor: ui
Product: unifi_network_application
Published: Jul 02, 2026
Source: NVD
CVE-2026-54404 HIGH - 8.8

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi OS to escalate privileges within such UniFi OS devices or instances.

Vendor: Ubiquiti Inc
Product: UniFi OS Server, Dream Machines, Enterprise Fortress Gateway, Dream Wall, Dream Routers, Express 7, Cloud Keys, Network Video Recorders, Enterprise Video Recorders, Cloud Gateways, Network Attached Storage, Enterprise Firewall Core
Published: Jul 02, 2026
Source: NVD
CVE-2026-54403 HIGH - 8.6

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to bypass authentication of such UniFi OS devices or instances.

Vendor: Ubiquiti Inc
Product: UniFi OS Server, Dream Machines, Enterprise Fortress Gateway, Dream Wall, Dream Routers, Express 7, Cloud Keys, Network Video Recorders, Enterprise Video Recorders, Cloud Gateways, Network Attached Storage, Enterprise Firewall Core
Published: Jul 02, 2026
Source: NVD
CVE-2026-54402 CRITICAL - 9.9

A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UniFi OS to execute a Command Injection on the host device.

Vendor: Ubiquiti Inc
Product: UniFi OS Server, Dream Machines, Enterprise Fortress Gateway, Dream Wall, Dream Routers, Express 7, Cloud Keys, Network Video Recorders, Enterprise Video Recorders, Cloud Gateways, Network Attached Storage, Enterprise Firewall Core
Published: Jul 02, 2026
Source: NVD
CVE-2026-54401 HIGH - 7.7

A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) to escalate privileges within such UniFi OS devices or instances.

Vendor: Ubiquiti Inc
Product: UniFi OS Server, Dream Machines, Enterprise Fortress Gateway, Dream Wall, Dream Routers, Express 7, Cloud Keys, Network Video Recorders, Enterprise Video Recorders, Cloud Gateways, Network Attached Storage, Enterprise Firewall Core
Published: Jul 02, 2026
Source: NVD
CVE-2026-54400 CRITICAL - 9.1

A malicious actor with access to the network and high privileges could exploit an Improper Access Control vulnerability found in UniFi Access Application to escalate privileges on the host device.

Vendor: Ubiquiti Inc
Product: UniFi Access Application
Published: Jul 02, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: use chan timer to close channels in cleanup_listen() l2cap_chan_close() removes the channel from conn->chan_l, which must be done under conn->lock. cleanup_listen() runs under the parent sk_lock, so acquir...

Vendor: Linux
Product: Linux
Published: Jul 02, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del() bt_accept_dequeue() unlinks a not-yet-accepted child from the parent accept queue and release_sock()s it before returning, so the returned sk has no caller refe...

Vendor: Linux
Product: Linux
Published: Jul 02, 2026
Source: NVD