|
141
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.
New
|
CWE-287
Improper Authentication
|
CVE-2026-48611
|
2026-06-13 01:15 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
142
|
8.0 |
HIGH
Network
|
-
|
-
|
Improper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cause a victim’s account to be linked to an attacker-controlled account. This…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-48612
|
2026-06-13 01:15 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
143
|
5.9 |
MEDIUM
Network
|
-
|
-
|
SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies t…
New
|
CWE-89
SQL Injection
|
CVE-2026-48613
|
2026-06-13 01:15 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
144
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection on the host devic…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-47367
|
2026-06-13 01:10 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
145
|
8.6 |
HIGH
Network
|
-
|
-
|
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS devices or instances.
New
|
CWE-22
Path Traversal
|
CVE-2026-47368
|
2026-06-13 01:10 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
146
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges within such U…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-47369
|
2026-06-13 01:10 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
147
|
9.9 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a Command Injection withi…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-47370
|
2026-06-13 01:10 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
148
|
8.1 |
HIGH
Network
|
-
|
-
|
Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized ch…
New
|
CWE-284
Improper Access Control
|
CVE-2026-48610
|
2026-06-13 01:10 |
2026-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
149
|
5.4 |
MEDIUM
Network
|
microsoft
|
sharepoint_server
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-45467
|
2026-06-13 01:09 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
150
|
5.4 |
MEDIUM
Network
|
microsoft
|
sharepoint_server
|
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-45481
|
2026-06-13 01:08 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
