VYPR

Unifi Controller

by UI

CVEs (4)

  • CVE-2014-2225HigFeb 8, 2020
    risk 0.60cvss 8.8epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Ubiquiti Networks UniFi Controller before 3.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create a new admin user via a request to api/add/admin; (2) have unspecified…

  • CVE-2013-3572MedDec 31, 2013
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname.

  • CVE-2024-5401Dec 4, 2025
    risk 0.00cvss epss 0.00

    Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote authenticated users to…

  • CVE-2014-2226Jul 29, 2014
    risk 0.00cvss epss 0.01

    Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.