|
3791
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history/<service>/<server_ip> re-uses the server_ip path parameter as a user…
|
CWE-639
CWE-863
Authorization Bypass Through User-Controlled Key
Incorrect Authorization
|
CVE-2026-45563
|
2026-06-11 01:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3792
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, get_ldap_email (app/modules/roxywi/user.py:120-157) builds the LDAP search filter…
|
CWE-90
LDAP Injection
|
CVE-2026-45559
|
2026-06-11 01:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3793
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints (POST /api/service/haproxy/<server_id>/section…
|
CWE-20
CWE-77
CWE-78
CWE-94
Improper Input Validation
Command Injection
OS Command
Code Injection
|
CVE-2026-45558
|
2026-06-11 01:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3794
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf/<service>/<server_ip>/rule/<rule_id>/save accepts a config_file_name fo…
|
CWE-20
CWE-22
CWE-73
CWE-78
Improper Input Validation
Path Traversal
External Control of File Name or Path
OS Command
|
CVE-2026-45556
|
2026-06-11 01:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3795
|
7.5 |
HIGH
Network
|
-
|
-
|
UXSS in Focus for iOS / Klar Webkit navigation. This vulnerability was fixed in Focus for iOS 151.3.1 and Klar for iOS 151.3.1.
|
CWE-79
Cross-site Scripting
|
CVE-2026-11799
|
2026-06-11 01:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3796
|
- |
|
-
|
-
|
Insufficient input validation vulnerability in the listed NETGEAR devices allows
authenticated administrators connected to the local network to tamper with
the router's integrity.
|
CWE-20
Improper Input Validation
|
CVE-2026-0417
|
2026-06-11 01:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3797
|
- |
|
-
|
-
|
Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows administrators connected to the local network to make unauthorized…
|
CWE-20
Improper Input Validation
|
CVE-2026-0412
|
2026-06-11 01:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3798
|
- |
|
-
|
-
|
Authenticated administrators connected to the local network can gain
elevated access to the router and make unauthorized changes to router
software and functionality.
|
CWE-20
Improper Input Validation
|
CVE-2026-0410
|
2026-06-11 01:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3799
|
5.3 |
MEDIUM
Network
|
google
|
chrome
|
Out of bounds read in Media in Google Chrome on ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from pr…
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2026-11669
|
2026-06-11 01:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3800
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafte…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-11672
|
2026-06-11 01:15 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
