roxy-wi

Top products

The 15 most recently published vulnerabilities affecting roxy-wi.

• CVE-2026-45569Roxy-WI: Path-traversal patch in commit d4d10006 is a no-op (tuple-membership bug)8.1Jun 10, 2026
• CVE-2026-45567Roxy-WI: Authentication bypass via 'api' substring in URL + unauthenticated /api/gpt8.3Jun 10, 2026
• CVE-2026-45566Roxy-WI: Open redirect on /login?next= via basic-auth userinfo syntax bypass6.1Jun 10, 2026
• CVE-2026-45565Roxy-WI: EscapedString validator skips its '..' block when stripping (root cause for several path-traversal/RCE vectors)8.1Jun 10, 2026
• CVE-2026-45564Roxy-WI: Authenticated RCE via 'configver' URL parameter (os.system sink in /config/versions/.../save)8.8Jun 10, 2026
• CVE-2026-45563Roxy-WI: IDOR — any authenticated user can read another user's full action history4.3Jun 10, 2026
• CVE-2026-45561Roxy-WI: SSRF in /smon/agent/<endpoint>/<server_ip> reachable to cloud metadata IPs6.5Jun 10, 2026
• CVE-2026-45560Roxy-WI: Stored XSS in log viewer (wrap_line/highlight_word produce unescaped HTML)6.1Jun 10, 2026
• CVE-2026-45559Roxy-WI: LDAP injection in /user/ldap/<username> (admin-only)4.9Jun 10, 2026
• CVE-2026-45558Roxy-WI: Authenticated RCE on every managed HAProxy load balancer via `option` field config injection in section save9.9Jun 10, 2026
• CVE-2026-45556Roxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`9.9Jun 10, 2026
• CVE-2026-45550Roxy-WI: IDOR on PUT /smon/check — any user can rewrite any tenant's monitoring URL/IP/body9.1Jun 10, 2026
• CVE-2026-45549Roxy-WI: Authorization bypass on POST /smon/agent/action/<action> — guest can stop or restart smon-agent on any host8.5Jun 10, 2026
• CVE-2026-45552Roxy-WI: Cross-tenant authorization bypass on /install/* — guest can run Ansible / SSH on every registered server9.9Jun 10, 2026
• CVE-2026-33208Roxy-WI Vulnerable to Authenticated Remote Code Execution via OS Command Injection in find-in-config Endpoint8.8Apr 24, 2026