j3ssie

1 exploit Active since Jan 2026
CVE-2020-37052 EXPLOITDB CRITICAL python WORKING POC
Ubiquiti AirControl 1.4.2 - Unauthenticated Remote Code Execution via Java Expression Injection in /.seam Endpoint
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedded Java expressions to run commands with the application's system privileges.
CVSS 9.8