Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

22332
Total
1596
Critical
6832
High
7160
Medium
CVE ID Severity Score Description Published
CVE-2026-53476 CRITICAL 9.6 A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network (LAN), can exploit a path traversal vulnerability. By crafting … Jun 10, 2026
CVE-2026-53475 CRITICAL 9.3 A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer Security (TLS) connections when communicating with vCenter. This vulnerability allows a Man-in-the-Middle (MITM) … Jun 10, 2026
CVE-2026-53474 CRITICAL 9.6 A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper … Jun 10, 2026
CVE-2026-53473 HIGH 7.3 A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational … Jun 10, 2026
CVE-2026-53471 CRITICAL 9.6 A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens (JWTs) for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate … Jun 10, 2026
CVE-2026-53470 CRITICAL 9.6 A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the `/api/v1/sources/{id}/image-url` endpoint. This flaw allows the attacker … Jun 10, 2026
CVE-2026-53469 CRITICAL 9.1 A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper … Jun 10, 2026
CVE-2026-45564 HIGH 8.8 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /config/versions/<service>/<server_ip>/<configver>/save interpolates the URL-path configver parameter … Jun 10, 2026
CVE-2026-45563 MEDIUM 4.3 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history/<service>/<server_ip> re-uses the server_ip path parameter … Jun 10, 2026
CVE-2026-45561 MEDIUM 6.5 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the /smon/agent/{version,uptime,status,checks}/<server_ip> family of routes takes the … Jun 10, 2026
CVE-2026-45560 MEDIUM 6.1 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrap_line (app/modules/common/common.py:181-186) and highlight_word (app/modules/common/common.py:188-192) build raw … Jun 10, 2026
CVE-2026-45559 MEDIUM 4.9 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, get_ldap_email (app/modules/roxywi/user.py:120-157) builds the LDAP search filter … Jun 10, 2026
CVE-2026-45558 CRITICAL 9.9 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints (POST /api/service/haproxy/<server_id>/section/<section_type> and … Jun 10, 2026
CVE-2026-45556 CRITICAL 9.9 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf/<service>/<server_ip>/rule/<rule_id>/save accepts a config_file_name form field … Jun 10, 2026
CVE-2026-45552 CRITICAL 9.9 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.before_request → … Jun 10, 2026
CVE-2026-45550 CRITICAL 9.1 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check (app/routes/smon/routes.py:117-138) gates only on roxywi_common.check_user_group_for_flask() … Jun 10, 2026
CVE-2026-45549 HIGH 8.5 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agent_action (app/routes/smon/agent_routes.py:166-179) has decorators @bp.post('/agent/action/<action>') and @jwt_required() … Jun 10, 2026
CVE-2026-11884 MEDIUM 6.5 A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the oc_superior (SUP) field length is omitted from buffer size … Jun 10, 2026
CVE-2025-10238 MEDIUM 6.7 During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user … Jun 10, 2026
CVE-2025-10237 MEDIUM 6.7 During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform … Jun 10, 2026
CVE-2026-9758 HIGH 7.3 Improper comparison with the certificates trusted list in S2OPC allows an attacker well-formed untrusted certificate to be considered trusted Jun 10, 2026
CVE-2026-53442 MEDIUM 5.3 Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job … Jun 10, 2026
CVE-2026-53441 UNKNOWN Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could … Jun 10, 2026
CVE-2026-53440 MEDIUM 4.3 Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe … Jun 10, 2026
CVE-2026-53439 MEDIUM 4.3 Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to … Jun 10, 2026