189 matches found
CVE-2026-53471
A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens (JWTs) for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the source_id claim within these tokens against the requested source ID. This oversight allows an...
CVE-2026-53471 Migration-planner: agent api ignores jwt source_id claim
A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens (JWTs) for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the source_id claim within these tokens against the requested source ID. This oversight allows an...
EUVD-2026-36031
A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens (JWTs) for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the source_id claim within these tokens against the requested source ID. This oversight allows an...
CVE-2026-53471
CVE-2026-53471 affects the migration-planner project, specifically the agent-api middleware. The UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the source_id claim in JWTs against the requested source ID. Root cause: missing validation allows an authenticated attacker with ...
Migration assessment security vulnerability
Migration assessment is an open-source tool developed by KubeV2V for evaluating and providing migration recommendations for VMware environments. There is a security vulnerability in Migration assessment. This vulnerability stems from the agent-API middleware, which, when processing JWT tokens,...
CVE-2026-11043
| creation_timestamp | type | source |
|---|---|---|
| 2026-06-05 13:23:57+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/116697713800926918 |
| 2026-06-07 18:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260608 |
| 2026-06-07 18:00:00+00:00 | seen | ... |
CVE-2026-46118
In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Fix null ptr deref in papr_hvpipe_dev_create_handle(). Commit 6d3789d347a7 ("papr-hvpipe: convert papr_hvpipe_dev_create_handle() to FD_PREPARE()") changed the create handle to FD_PREPARE(), but it caused kernel null-ptr-deref...
CVE-2026-22011
| creation_timestamp | type | source |
|---|---|---|
| 2026-04-21 23:29:31+00:00 | seen | Telegram/EOnjNYApXgYHJan5J2dTdjjTaiwT5fD5DgY21SwpLPKRuSg... |
GHSA-F92M-JPV7-55P2
| creation_timestamp | type | source |
|---|---|---|
| 2026-03-27 21:22:55+00:00 | seen | Telegram/Gog278dWyh4lEZUplneDunVggYKWxHPgBiv3mkrQtX1ZGY... |
EspoCRM 9.3.3 Remote Code Execution / Path Traversal
EspoCRM versions 9.3.3 and below proof of concept remote code execution exploit that leverages formula ACL bypass, path traversal, and poisoning. #!/bin/bash EspoCRM command Example: ./poc.sh http://192.168.5.16:8090 admin...
CVE-2026-30857
WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a cross-tenant authorization bypass in the knowledge base copy endpoint allows any authenticated user to clone (duplicate) another tenant's knowledge base into their own tena...
SQL Injection
io.dataease, dataease-plugin-common is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the dataSourceId parameter, which allows an attacker to inject and execute arbitrary SQL queries...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication through the Milvus Proxy component, which skips the source ID check. An attacker can gain full administrative access to the cluster, allowing them to read, modify, or delete data and perform privileged operations...
CVE-2025-55092
| creation_timestamp | type | source |
|---|---|---|
| 2025-10-17 05:20:59+00:00 | seen | Telegram/0ADcdJdQegEBCngGyhjx6Psk8945WHsjefUys1fzUVkv0iY... |
CVE-2018-12841
| creation_timestamp | type | source |
|---|---|---|
| 2025-08-31 03:01:35+00:00 | seen | MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d... |
CVE-2004-0380
| creation_timestamp | type | source |
|---|---|---|
| 2025-08-31 03:01:30+00:00 | seen | MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d |
| 2025-08-31 03:13:08+00:00 | seen | MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57... |
CVE-2011-3412
| creation_timestamp | type | source |
|---|---|---|
| 2025-08-31 03:01:16+00:00 | seen | MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d |
| 2025-08-31 03:12:52+00:00 | seen | MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57... |