Vulnerabilities > UI > Unifi Network Application

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
| --- | --- | --- | --- | --- |
| 2024-09-13 | CVE-2024-42025 | Command Injection vulnerability in UI Unifi Network Application | A Command Injection vulnerability found in Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device. | local, low complexity, ui, CWE-77, 7.8 |
| 2023-10-25 | CVE-2023-41721 | Unspecified vulnerability in UI Unifi Network Application | Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. | network, low complexity, ui, 5.3 |
| 2023-07-08 | CVE-2023-32000 | Cross-site Scripting vulnerability in UI Unifi Network Application | A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page. | network, low complexity, ui, CWE-79, 4.8 |
| 2023-07-01 | CVE-2023-28365 | Command Injection vulnerability in UI Unifi Network Application | A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored. | network, low complexity, ui, CWE-77, critical, 9.1 |