Ui

This hub aggregates every CVE we track for Ui, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 10 most recently published vulnerabilities affecting Ui.

• CVE-2026-5562provectus kafka-ui Endpoint testexecutions validateAccess code injection7.3Apr 5, 2026
• CVE-2026-0824questdb ui Web Console cross site scripting3.5Jan 10, 2026
• BDU:2025-00765Уязвимость модуля UI сервиса для управления бизнесом Битрикс24 и системы управления содержимым сайтов (CMS) 1С-Битрикс: Управление сайтом, позволяющая нарушителю выполнить произвольный код7.3Jan 27, 2025
• CVE-2023-52251An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote attackers to execute arbitrary code via the q parameter of /api/clusters/local/topics/{topic}/messages.8.8Jan 25, 2024
• CVE-2023-33991Stored Cross-Site Scripting (Stored XSS) vulnerability in SAP UI5 Variant Management8.2Jun 13, 2023
• CVE-2022-39395Vela Insecure Defaults9.6Nov 10, 2022
• CVE-2019-0388SAP UI5 HTTP Handler (corrected in SAP_UI versions 7.5, 7.51, 7.52, 7.53, 7.54 and SAP UI_700 version 2.0) allows an attacker to manipulate content due to insufficient URL validation.5.3Nov 13, 2019
• CVE-2018-2424SAP UI5 did not validate user input before adding it to the DOM structure. This may lead to malicious user-provided JavaScript code being added to the DOM that could steal user information. Softwar...9.8Jun 12, 2018
• CVE-2018-2428Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Software components affected are: SAP Infrastructure 1.0, SAP UI 7.4, 7.5, 7.5...5.3Jun 12, 2018
• CVE-2008-7315UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.9.8Oct 10, 2017