|
891
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the login flow allow-lists next URLs by rejecting strings containing https:// or …
New
|
CWE-601
Open Redirect
|
CVE-2026-45566
|
2026-06-11 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
892
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the /smon/agent/{version,uptime,status,checks}/<server_ip> family of routes takes…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45561
|
2026-06-11 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
893
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrap_line (app/modules/common/common.py:181-186) and highlight_word (app/modules/…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-45560
|
2026-06-11 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
894
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check (app/routes/smon/routes.py:117-138) gates only on roxywi_common.c…
New
|
CWE-639
CWE-862
CWE-863
Authorization Bypass Through User-Controlled Key
Missing Authorization
Incorrect Authorization
|
CVE-2026-45550
|
2026-06-11 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
895
|
8.5 |
HIGH
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agent_action (app/routes/smon/agent_routes.py:166-179) has decorators @bp.post('/…
New
|
CWE-862
CWE-863
Missing Authorization
Incorrect Authorization
|
CVE-2026-45549
|
2026-06-11 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
896
|
7.5 |
HIGH
Network
|
-
|
-
|
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows a…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-36813
|
2026-06-11 02:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
897
|
7.5 |
HIGH
Network
|
-
|
-
|
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. This vulnerability allows …
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-36806
|
2026-06-11 02:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
898
|
7.5 |
HIGH
Network
|
-
|
-
|
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple buffer overflows in the Saveqqlist function via the qqStr and markStr parameters. These vulnerabilities allow…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-36805
|
2026-06-11 02:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
899
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Issue Summary: Cryptographic Message Services (CMS) processing fails to perform
sufficient input validation on the cipher and tag length fields of
AuthEnvelopedData containers, leading to various pot…
Update
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2026-34182
|
2026-06-11 02:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
900
|
7.4 |
HIGH
Network
|
-
|
-
|
Issue Summary: The PKCS#12 file processing fails to perform sufficient input
validation for files that use Password-Based Message Authentication Code 1
(PBMAC1) integrity mechanism allowing a certifi…
Update
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2026-34181
|
2026-06-11 02:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
