Ubiquiti Inc. - HackerOne Reports
Total Reports: 86
Critical: 11
High: 33
Medium: 20
Low: 6

XSS via SVG file
Reported by: 0xspade | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Generic

[nutty.ubnt.com] DOM Based XSS nuttyapp github-btn.html
Reported by: bobrov | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Generic

UniFi Video Server web interface Configuration Restore path traversal leading to local system compromise
Reported by: ajxchapman | Disclosed:
Severity: Critical
Weakness: Path Traversal

UniFi Video Server web interface Configuration Restore CSRF leading to full application compromise
Reported by: ajxchapman | Disclosed:
Severity: High
Weakness: Cross-Site Request Forgery (CSRF)

UniFi Video web interface Configuration Restore user privilege escalation
Reported by: ajxchapman | Disclosed:
Severity: High
Weakness: Privilege Escalation

Readonly to Root Privilege Escalation on EdgeSwitch
Reported by: fr33rh | Disclosed:
Severity: High
Weakness: Command Injection - Generic

Stored XSS / Bypassing .htaccess protection in http://nodebb.ubnt.com/
Reported by: inhibitor181 | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Generic

Firmware download/install vulnerable to CSRF
Reported by: mornaner | Disclosed:
Severity: High
Weakness: Cross-Site Request Forgery (CSRF)

Directory traversal at https://nightly.ubnt.com
Reported by: grampae | Disclosed:
Severity: High
Weakness: Path Traversal

Privilege Escalation with Session Hijacking Having a Non-privileged Valid User
Reported by: hacknroll | Disclosed:
Severity: Critical

Command injection in the process of downloading the latest version of the cloud key firmware through the unifi management software.
Reported by: dblack | Disclosed:
Severity: High
Weakness: Command Injection - Generic

Open Redirect in unifi.ubnt.com [Controller Finder]
Reported by: b7882330c6060c6b277c5a1 | Disclosed:
Weakness: Open Redirect

Privilege-0 to Root Privilege Escalation on EdgeSwitch
Reported by: fr33rh | Disclosed:
Severity: High
Weakness: Privilege Escalation

Code Execution in restricted CLI of EdgeSwitch
Reported by: maxpl0it | Disclosed:
Severity: High
Weakness: Command Injection - Generic

Reflected Xss in AirMax [Nanostation Loco M2]
Reported by: b7882330c6060c6b277c5a1 | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic

Subdomain takeover on partners.ubnt.com due to non-used CloudFront DNS entry
Reported by: fransrosen | Disclosed:
Weakness: Privilege Escalation

[account-global.ubnt.com] CRLF Injection
Reported by: bobrov | Disclosed:
Severity: Low

Authenticated RCE in ToughSwitch
Reported by: maxpl0it | Disclosed:
Severity: High
Weakness: OS Command Injection

AirFibre products vulnerable to HTTP Header injection
Reported by: simongurney | Disclosed:
Weakness: Improper Authentication - Generic

IDOR Causing Deletion of any account
Reported by: vibs123i | Disclosed: