Vulnerabilities > UI > Unifi Network Application
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-13 | CVE-2024-42025 | Command Injection vulnerability in UI Unifi Network Application A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device. | 7.8 |
2023-10-25 | CVE-2023-41721 | Unspecified vulnerability in UI Unifi Network Application Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. | 5.3 |
2023-07-08 | CVE-2023-32000 | Cross-site Scripting vulnerability in UI Unifi Network Application A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page. | 4.8 |
2023-07-01 | CVE-2023-28365 | Command Injection vulnerability in UI Unifi Network Application A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored. | 9.1 |