Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ui vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2015-9266
The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated malicious user to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain roo...
Ui Airmax Ac Firmware 7.1.3
Ui Airmax M Xm Firmware
Ui Airmax M Xw Firmware
Ui Airmax M Ti Firmware
Ui Airgateway Firmware
Ui Airfiber Af24 Firmware
Ui Airfiber Af24hd Firmware
Ui Af5x Firmware
Ui Af5 Firmware
Ubnt Airos 4 Xs5
Ubnt Airos 4 Xs2
Ubnt Edgeswitch Xp Firmware
1 EDB exploit
7.8
CVSSv2
CVE-2019-16889
Ubiquiti EdgeMAX devices prior to 2.0.3 allow remote malicious users to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cook...
Ui Er-x Firmware
Ui Er-x-sfp Firmware
Ui Ep-r6 Firmware
Ui Erlite-3 Firmware
Ui Erpoe-5 Firmware
Ui Er-8 Firmware
Ui Erpro-8 Firmware
Ui Ep-r8 Firmware
Ui Er-4 Firmware
Ui Er-6p Firmware
Ui Er-12 Firmware
Ui Er-8-xg Firmware
2 Github repositories
4.3
CVSSv2
CVE-2017-15719
In Wicket jQuery UI 6.28.0 and previous versions, 7.9.1 and previous versions, and 8.0.0-M8 and previous versions, a security issue has been discovered in the WYSIWYG editor that allows an malicious user to submit arbitrary JS code to WYSIWYG editor.
Wicket-jquery-ui Project Wicket-jquery-ui
Wicket-jquery-ui Project Wicket-jquery-ui 7.0.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.2.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.3.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.9.0
Wicket-jquery-ui Project Wicket-jquery-ui 8.0.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.0.1
Wicket-jquery-ui Project Wicket-jquery-ui 7.0.2
Wicket-jquery-ui Project Wicket-jquery-ui 7.1.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.4.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.5.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.6.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.7.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.2.1
Wicket-jquery-ui Project Wicket-jquery-ui 7.3.1
Wicket-jquery-ui Project Wicket-jquery-ui 7.8.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.9.1
NA
CVE-2023-23912
A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and previous versions and UniFi Security Gateways (USG) Version 4.4.56 and previous versions with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to...
Ui Usg Firmware
Ui Usg-pro-4 Firmware
Ui Er-10x Firmware
Ui Er-10x Firmware 2.0.9
Ui Er-12 Firmware
Ui Er-12 Firmware 2.0.9
Ui Er-12p Firmware
Ui Er-12p Firmware 2.0.9
Ui Er-4 Firmware
Ui Er-4 Firmware 2.0.9
Ui Er-6p Firmware
Ui Er-6p Firmware 2.0.9
Ui Er-8-xg Firmware
Ui Er-8-xg Firmware 2.0.9
Ui Er-x Firmware
Ui Er-x Firmware 2.0.9
Ui Er-x-sfp Firmware
Ui Er-x-sfp Firmware 2.0.9
NA
CVE-2022-44565
An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device.
Ui Airfiber Gigabeam Firmware
Ui Airfiber 60-xg Firmware
Ui Airfiber 60-hd Firmware
Ui Airfiber 60-lr Firmware
Ui Airmax Ac Firmware
Ui Airfiber 60 Firmware
NA
CVE-2024-23827
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possib...
Nginxui Nginx Ui 2.0.0
Nginxui Nginx Ui 1.2.0
Nginxui Nginx Ui 1.2.1
Nginxui Nginx Ui 1.2.2
Nginxui Nginx Ui 1.3.0
Nginxui Nginx Ui 1.3.1
Nginxui Nginx Ui 1.3.2
Nginxui Nginx Ui 1.3.3
Nginxui Nginx Ui 1.4.0
Nginxui Nginx Ui 1.4.1
Nginxui Nginx Ui 1.4.2
Nginxui Nginx Ui 1.5.0
Nginxui Nginx Ui 1.5.1
Nginxui Nginx Ui 1.5.2
Nginxui Nginx Ui 1.6.0
Nginxui Nginx Ui 1.6.1
Nginxui Nginx Ui 1.6.2
Nginxui Nginx Ui 1.6.3
Nginxui Nginx Ui 1.6.5
Nginxui Nginx Ui 1.6.6
Nginxui Nginx Ui 1.6.7
Nginxui Nginx Ui 1.6.8
7.5
CVSSv2
CVE-2013-1606
Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware prior to 1.1.6 allows remote malicious users to execute arbitrary code via a long rtsp: URI in a DESCRIBE request.
Ui Airvision Firmware
Ui Aircam Mini -
Ui Aircam Dome -
Ui Aircam -
1 EDB exploit
5
CVSSv2
CVE-2019-0388
SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an malicious user to manipulate content due to insufficient URL validation.
Sap Ui 2.0
Sap Ui 7.5
Sap Ui 7.51
Sap Ui 7.52
Sap Ui 7.53
Sap Ui 7.54
NA
CVE-2023-33991
SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability. After successful...
Sap Ui 750
Sap Ui 754
Sap Ui 755
Sap Ui 756
Sap Ui 757
Sap Ui 700
4.3
CVSSv2
CVE-2018-1325
In Apache wicket-jquery-ui <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display.
Wicket-jquery-ui Project Wicket-jquery-ui 7.0.0
Wicket-jquery-ui Project Wicket-jquery-ui 8.0.0
Wicket-jquery-ui Project Wicket-jquery-ui
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298
CVE-2024-20356
CVE-2023-21987
CVE-2024-33217
bypass
CVE-2024-31804
CVE-2024-32660
unauthorized
SSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »