CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/10 3:16 p.m.•9 views

CVE-2026-53469

A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments,...

9.1CVSS0.00331EPSS

EUVD•added 2026/06/10 1:55 p.m.•13 views

EUVD-2026-36034

A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the /api/v1/sources/id/image-url endpoint. This flaw allows the attacker to bypass an ownership check and obtain presigned S3 URLs for Open Virtual Appliance OVA images...

9.6CVSS5.5AI score0.00281EPSS

Vulnrichment•added 2026/06/10 1:55 p.m.•7 views

CVE-2026-53470 Migration-planner: getsourcedownloadurl missing organization check

9.6CVSS5.3AI score0.00281EPSS

Cvelist•added 2026/06/10 1:55 p.m.•30 views

CVE-2026-53471 Migration-planner: agent api ignores jwt source_id claim

9.6CVSS0.00282EPSS

EUVD•added 2026/06/10 1:55 p.m.•6 views

EUVD-2026-36031

9.6CVSS5.5AI score0.00282EPSS

EUVD•added 2026/06/10 1:55 p.m.•6 views

EUVD-2026-36030

A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are processed. This SQL...

Vulnrichment•added 2026/06/10 1:55 p.m.•5 views

CVE-2026-53474 Migration-planner: second-order sql injection via rvtools upload

Cvelist•added 2026/06/10 1:55 p.m.•32 views

CVE-2026-53474 Migration-planner: second-order sql injection via rvtools upload

9.6CVSS0.00298EPSS

CVE•added 2026/06/10 1:55 p.m.•15 views

CVE-2026-53474

Migration-planner is affected by a second-order SQL injection via uploads of RVTools .xlsx files. The flaw arises from improper input sanitization and causes malicious SQL embedded in a spreadsheet cell to execute when cluster names are processed, enabling arbitrary file reading on the host (pote...

9.6CVSS5.9AI score0.00298EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/06/10 1:55 p.m.•33 views

CVE-2026-53469 Migration-planner: unprotected delete endpoint wipes all tenant data

9.1CVSS0.00331EPSS

Vulnrichment•added 2026/06/10 1:55 p.m.•4 views

CVE-2026-53469 Migration-planner: unprotected delete endpoint wipes all tenant data

EUVD•added 2026/06/10 1:55 p.m.•6 views

EUVD-2026-36028

CVE•added 2026/06/10 1:55 p.m.•10 views

CVE-2026-53469

Migration-planner is affected. An authenticated user can issue a DELETE to /api/v1/sources that is not properly authorized/filtered, permitting destruction of all tenant data (sources, agents, assessments) and causing critical loss of availability and integrity across the SaaS platform. Affected ...

Exploits0References3Affected Software1

RedhatCVE•added 2026/06/10 1:55 p.m.•6 views

CVE-2026-53474

RedhatCVE•added 2026/06/10 1:55 p.m.•6 views

CVE-2026-53469

RedhatCVE•added 2026/06/10 1:55 p.m.•5 views

CVE-2026-53473

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...

7.3CVSS5.3AI score0.00187EPSS

RedhatCVE•added 2026/06/10 1:55 p.m.•9 views

CVE-2026-53471

9.6CVSS5.5AI score0.00282EPSS

Positive Technologies•added 2026/06/10 12:0 a.m.•11 views

PT-2026-48443

CNNVD•added 2026/06/10 12:0 a.m.•5 views

Migration Planner UI SQL注入漏洞

The Migration Planner UI is an open-source migration planning front-end tool developed by KubeV2V. The Migration Planner UI has a SQL injection vulnerability. This vulnerability arises when a remotely authenticated attacker uploads a specially crafted RVTools .xlsx file. Due to improper input...