Ubiquiti Patches 7 Critical UniFi OS Flaws — Max Severity
Ubiquiti warns of CVE-2026-50746 (CVSS 10.0) and six other critical vulnerabilities affecting UniFi OS devices. 100,000 instances exposed online require immediate patching.
10 articles tagged with "Command Injection"
Ubiquiti warns of CVE-2026-50746 (CVSS 10.0) and six other critical vulnerabilities affecting UniFi OS devices. 100,000 instances exposed online require immediate patching.
CVE-2026-9862 (CVSS 9.8) in Fortra Core Privileged Access Manager (BoKS) enables unauthenticated command injection via the autoregistration service. Restrict port 6507 access immediately.
CVE-2026-20266 in Splunk AI Toolkit allows authenticated admins to execute arbitrary OS commands. CVSS 9.1 flaw affects versions below 5.7.4—upgrade or uninstall immediately.
Akamai detects active exploitation of CVE-2025-29635 in discontinued D-Link DIR-823X routers. The tuxnokill variant spreads via command injection and launches DDoS attacks from compromised devices.
CVE-2026-5965 in NewSoftOA enables unauthenticated OS command injection with CVSS 9.8. Local attackers can execute arbitrary commands and fully compromise systems.
Critical CVSS 9.8 command injection vulnerability in Totolink A7100RU routers enables unauthenticated remote code execution. Public exploit available, no patch released.
CISA confirms active exploitation of VMware Aria Operations CVE-2026-22719, a command injection flaw enabling unauthenticated RCE. Patch by March 24.
CISA flags FileZen command injection flaw (CVE-2026-25108, CVSS 8.7) as actively exploited. Federal agencies must patch by March 17, 2026.
CVE-2026-22844 allowed meeting participants to execute arbitrary code on Zoom's on-premises multimedia routers. No active exploitation reported yet.
Five critical vulnerabilities in the self-hosting platform allow authenticated users to execute arbitrary commands as root. Over 52,000 instances are exposed globally.