Vulnerabilities
Vulnerable Software
Security Vulnerabilities
Missing validation of "valuesFrom" references in Helm Deployer of SUSE Rancher Fleet 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 could be used by owners of one tenant to access fleet credentials of other tenants.
CVSS Score
9.9
EPSS Score
0.006
Published
2026-07-02
A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root.
CVSS Score
8.4
EPSS Score
0.005
Published
2026-07-02
In Progress Flowmon versions prior to 12.5.9 and 13.0.11, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the PDF generation process that results in operations being performed with the privileges of another user, potentially leading to unauthorized access to sensitive data and unintended modifications to system configuration.
CVSS Score
8.7
EPSS Score
0.002
Published
2026-07-02
In Progress Flowmon ADS versions prior to 12.5.6 and 13.0.5, a vulnerability exists whereby an adversary who is authenticated as a low-privileged user in the Anomaly Detection System (ADS) may send specially crafted requests that could result in unauthorized access to application data and its modification.
CVSS Score
8.7
EPSS Score
0.002
Published
2026-07-02
A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device.
CVSS Score
8.8
EPSS Score
0.002
Published
2026-07-02
A malicious actor with access to the network and under certain conditions could exploit an Incorrect Authorization vulnerability found in UniFi Network Application to persist privileges within UniFi Network Application after such access had been removed.
CVSS Score
7.5
EPSS Score
0.002
Published
2026-07-02
A malicious actor with access to the network and low privileges and under certain conditions could exploit an Improper Access Control vulnerability found in UniFi OS with UniFi Protect Application to escalate privileges on the host device.
CVSS Score
7.5
EPSS Score
0.002
Published
2026-07-02
A malicious actor with access to the network could exploit a Server-Side Request Forgery (SSRF) vulnerability found in UniFi Talk Application to execute a Denial of Service (DoS) attack and bypass authentication in certain UniFi Talk API endpoints.
CVSS Score
7.5
EPSS Score
0.002
Published
2026-07-02
A malicious actor with access to the network and low privileges could exploit an Improper Access Control vulnerability found in UniFi Network Application to escalate privileges within the UniFi Network Application.
CVSS Score
8.8
EPSS Score
0.002
Published
2026-07-02
A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery (SSRF) in UniFi Protect Application to escalate privileges on the host device.
CVSS Score
9.9
EPSS Score
0.002
Published
2026-07-02


Contact Us

Shodan ® - All rights reserved