Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22332
Total
1596
Critical
6832
High
7160
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-53476 | CRITICAL | 9.6 | A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network (LAN), can exploit a path traversal vulnerability. By crafting … | Jun 10, 2026 |
| CVE-2026-53475 | CRITICAL | 9.3 | A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer Security (TLS) connections when communicating with vCenter. This vulnerability allows a Man-in-the-Middle (MITM) … | Jun 10, 2026 |
| CVE-2026-53474 | CRITICAL | 9.6 | A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper … | Jun 10, 2026 |
| CVE-2026-53473 | HIGH | 7.3 | A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational … | Jun 10, 2026 |
| CVE-2026-53471 | CRITICAL | 9.6 | A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens (JWTs) for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate … | Jun 10, 2026 |
| CVE-2026-53470 | CRITICAL | 9.6 | A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the `/api/v1/sources/{id}/image-url` endpoint. This flaw allows the attacker … | Jun 10, 2026 |
| CVE-2026-53469 | CRITICAL | 9.1 | A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper … | Jun 10, 2026 |
| CVE-2026-45564 | HIGH | 8.8 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /config/versions/<service>/<server_ip>/<configver>/save interpolates the URL-path configver parameter … | Jun 10, 2026 |
| CVE-2026-45563 | MEDIUM | 4.3 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history/<service>/<server_ip> re-uses the server_ip path parameter … | Jun 10, 2026 |
| CVE-2026-45561 | MEDIUM | 6.5 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the /smon/agent/{version,uptime,status,checks}/<server_ip> family of routes takes the … | Jun 10, 2026 |
| CVE-2026-45560 | MEDIUM | 6.1 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrap_line (app/modules/common/common.py:181-186) and highlight_word (app/modules/common/common.py:188-192) build raw … | Jun 10, 2026 |
| CVE-2026-45559 | MEDIUM | 4.9 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, get_ldap_email (app/modules/roxywi/user.py:120-157) builds the LDAP search filter … | Jun 10, 2026 |
| CVE-2026-45558 | CRITICAL | 9.9 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints (POST /api/service/haproxy/<server_id>/section/<section_type> and … | Jun 10, 2026 |
| CVE-2026-45556 | CRITICAL | 9.9 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf/<service>/<server_ip>/rule/<rule_id>/save accepts a config_file_name form field … | Jun 10, 2026 |
| CVE-2026-45552 | CRITICAL | 9.9 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.before_request → … | Jun 10, 2026 |
| CVE-2026-45550 | CRITICAL | 9.1 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check (app/routes/smon/routes.py:117-138) gates only on roxywi_common.check_user_group_for_flask() … | Jun 10, 2026 |
| CVE-2026-45549 | HIGH | 8.5 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agent_action (app/routes/smon/agent_routes.py:166-179) has decorators @bp.post('/agent/action/<action>') and @jwt_required() … | Jun 10, 2026 |
| CVE-2026-11884 | MEDIUM | 6.5 | A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the oc_superior (SUP) field length is omitted from buffer size … | Jun 10, 2026 |
| CVE-2025-10238 | MEDIUM | 6.7 | During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user … | Jun 10, 2026 |
| CVE-2025-10237 | MEDIUM | 6.7 | During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform … | Jun 10, 2026 |
| CVE-2026-9758 | HIGH | 7.3 | Improper comparison with the certificates trusted list in S2OPC allows an attacker well-formed untrusted certificate to be considered trusted | Jun 10, 2026 |
| CVE-2026-53442 | MEDIUM | 5.3 | Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job … | Jun 10, 2026 |
| CVE-2026-53441 | UNKNOWN | — | Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could … | Jun 10, 2026 |
| CVE-2026-53440 | MEDIUM | 4.3 | Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe … | Jun 10, 2026 |
| CVE-2026-53439 | MEDIUM | 4.3 | Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to … | Jun 10, 2026 |