|
1071
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such U…
|
CWE-20
Improper Input Validation
|
CVE-2026-47369
|
2026-06-13 01:10 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1072
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection withi…
|
CWE-20
Improper Input Validation
|
CVE-2026-47370
|
2026-06-13 01:10 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1073
|
8.1 |
HIGH
Network
|
-
|
-
|
Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized ch…
|
CWE-284
Improper Access Control
|
CVE-2026-48610
|
2026-06-13 01:10 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1074
|
5.4 |
MEDIUM
Network
|
microsoft
|
sharepoint_server
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
|
CWE-79
Cross-site Scripting
|
CVE-2026-45467
|
2026-06-13 01:09 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1075
|
5.4 |
MEDIUM
Network
|
microsoft
|
sharepoint_server
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
|
CWE-79
Cross-site Scripting
|
CVE-2026-45481
|
2026-06-13 01:08 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1076
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CL…
|
CWE-88
Argument Injection
|
CVE-2026-47365
|
2026-06-13 01:08 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1077
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store'…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-53787
|
2026-06-13 01:07 |
2026-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1078
|
7.2 |
HIGH
Network
|
-
|
-
|
Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level auth…
|
CWE-284
Improper Access Control
|
CVE-2026-47366
|
2026-06-13 01:07 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1079
|
7.7 |
HIGH
Local
|
-
|
-
|
Brickcom cameras
ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds.
|
CWE-1392
Use of Default Credentials
|
CVE-2026-50005
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1080
|
7.7 |
HIGH
Local
|
-
|
-
|
Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-50245
|
2026-06-13 01:06 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
