CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.6	CVE-2026-53476	Assisted-migration-agent: vddk tarball chained-symlink arbitrary file write_CVE-2026-53476 A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network (LAN), can exploit a path travers...	Red Hat	assisted-migration-agent	Jun 10, 2026	CVE
CRITICAL 9.3	CVE-2026-53475	Assisted-migration-agent: tls verification disabled on all vcenter connections_CVE-2026-53475 A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer Security (TLS) connections when communicating with...	kubev2v	assisted-migration-agent	Jun 10, 2026	CVE
CRITICAL 9.6	CVE-2026-53474	Migration-planner: second-order sql injection via rvtools upload_CVE-2026-53474 A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .x...	KubeV2V	migration-planner	Jun 10, 2026	CVE
CRITICAL 9.6	CVE-2026-53471	Migration-planner: agent api ignores jwt source_id claim_CVE-2026-53471 A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens (JWTs) for authentication, but its UpdateSourceInventory ...	Red Hat	migration-planner	Jun 10, 2026	CVE
CRITICAL 9.6	CVE-2026-53470	Migration-planner: getsourcedownloadurl missing organization check_CVE-2026-53470 A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the `/api/v1/sources/{id...	Red Hat	migration-planner	Jun 10, 2026	CVE
CRITICAL 9.1	CVE-2026-53469	Migration-planner: unprotected delete endpoint wipes all tenant data_CVE-2026-53469 A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources rout...	Red Hat	migration-planner	Jun 10, 2026	CVE
CRITICAL 9.9	CVE-2026-45558	Roxy-WI: Authenticated RCE on every managed HAProxy load balancer via `option` field config injection in section save_CVE-2026-45558 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endp...	roxy-wi	roxy-wi <= 8.2.6.4	Jun 10, 2026	CVE
CRITICAL 9.9	CVE-2026-45556	Roxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`_CVE-2026-45556 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accept...	roxy-wi	roxy-wi <= 8.2.6.4	Jun 10, 2026	CVE
CRITICAL 9.9	CVE-2026-45552	Roxy-WI: Cross-tenant authorization bypass on /install/* — guest can run Ansible / SSH on every registered server_CVE-2026-45552 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declare...	roxy-wi	roxy-wi <= 8.2.6.4	Jun 10, 2026	CVE
CRITICAL 9.1	CVE-2026-45550	Roxy-WI: IDOR on PUT /smon/check — any user can rewrite any tenant’s monitoring URL/IP/body_CVE-2026-45550 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check (app/routes/s...	roxy-wi	roxy-wi <= 8.2.6.4	Jun 10, 2026	CVE