|
171
|
- |
|
-
|
-
|
Crawlee is a web scraping and browser automation library. From version 1.0.0 to before version 1.7.0, Crawlee is vulnerable to SSRF via sitemap-derived URLs. This issue has been patched in version 1.…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-46497
|
2026-06-11 01:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
172
|
8.1 |
HIGH
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, ommit d4d10006 ("Expand validation to block .. in config_file_name and configver …
New
|
CWE-22
CWE-697
Path Traversal
Incorrect Comparison
|
CVE-2026-45569
|
2026-06-11 01:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
173
|
8.1 |
HIGH
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString (app/modules/roxywi/class_models.py:16-30) is the centralised Pydan…
New
|
CWE-20
CWE-22
CWE-117
Improper Input Validation
Path Traversal
Improper Output Neutralization for Logs
|
CVE-2026-45565
|
2026-06-11 01:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
174
|
8.8 |
HIGH
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /config/versions/<service>/<server_ip>/<configver>/save interpolates the URL…
New
|
CWE-78
OS Command
|
CVE-2026-45564
|
2026-06-11 01:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
175
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history/<service>/<server_ip> re-uses the server_ip path parameter as a user…
New
|
CWE-639
CWE-863
Authorization Bypass Through User-Controlled Key
Incorrect Authorization
|
CVE-2026-45563
|
2026-06-11 01:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
176
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, get_ldap_email (app/modules/roxywi/user.py:120-157) builds the LDAP search filter…
New
|
CWE-90
LDAP Injection
|
CVE-2026-45559
|
2026-06-11 01:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
177
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints (POST /api/service/haproxy/<server_id>/section…
New
|
CWE-20
CWE-77
CWE-78
CWE-94
Improper Input Validation
Command Injection
OS Command
Code Injection
|
CVE-2026-45558
|
2026-06-11 01:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
178
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf/<service>/<server_ip>/rule/<rule_id>/save accepts a config_file_name fo…
New
|
CWE-20
CWE-22
CWE-73
CWE-78
Improper Input Validation
Path Traversal
External Control of File Name or Path
OS Command
|
CVE-2026-45556
|
2026-06-11 01:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
179
|
7.5 |
HIGH
Network
|
-
|
-
|
Issue summary: Remote peer may exhaust heap memory of the QUIC
server or client by flooding it with packets containing PATH_CHALLENGE
frames.
Impact summary: A malicious remote peer can cause an unb…
New
|
CWE-1325
Improperly Controlled Sequential Memory Allocation
|
CVE-2026-34183
|
2026-06-11 01:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
180
|
7.5 |
HIGH
Network
|
-
|
-
|
UXSS in Focus for iOS / Klar Webkit navigation. This vulnerability was fixed in Focus for iOS 151.3.1 and Klar for iOS 151.3.1.
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-11799
|
2026-06-11 01:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
