|
1691
|
8.3 |
HIGH
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unau…
|
CWE-287
CWE-306
CWE-697
Improper Authentication
Missing Authentication for Critical Function
Incorrect Comparison
|
CVE-2026-45567
|
2026-06-11 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1692
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the login flow allow-lists next URLs by rejecting strings containing https:// or …
|
CWE-601
Open Redirect
|
CVE-2026-45566
|
2026-06-11 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1693
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the /smon/agent/{version,uptime,status,checks}/<server_ip> family of routes takes…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-45561
|
2026-06-11 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1694
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrap_line (app/modules/common/common.py:181-186) and highlight_word (app/modules/…
|
CWE-79
Cross-site Scripting
|
CVE-2026-45560
|
2026-06-11 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1695
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check (app/routes/smon/routes.py:117-138) gates only on roxywi_common.c…
|
CWE-639
CWE-862
CWE-863
Authorization Bypass Through User-Controlled Key
Missing Authorization
Incorrect Authorization
|
CVE-2026-45550
|
2026-06-11 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1696
|
8.5 |
HIGH
Network
|
-
|
-
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agent_action (app/routes/smon/agent_routes.py:166-179) has decorators @bp.post('/…
|
CWE-862
CWE-863
Missing Authorization
Incorrect Authorization
|
CVE-2026-45549
|
2026-06-11 02:16 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1697
|
7.5 |
HIGH
Network
|
-
|
-
|
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows a…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-36813
|
2026-06-11 02:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1698
|
7.5 |
HIGH
Network
|
-
|
-
|
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. This vulnerability allows …
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-36806
|
2026-06-11 02:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1699
|
7.5 |
HIGH
Network
|
-
|
-
|
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple buffer overflows in the Saveqqlist function via the qqStr and markStr parameters. These vulnerabilities allow…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-36805
|
2026-06-11 02:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1700
|
- |
|
-
|
-
|
Insufficient input validation in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows users connected to the local WiFi Networks to execute operating system commands.…
|
CWE-20
Improper Input Validation
|
CVE-2026-0419
|
2026-06-11 02:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
