Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/06/10 3:36 p.m.9 views

CVE-2026-45566 Roxy-WI: Open redirect on /login?next= via basic-auth userinfo syntax bypass

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the login flow allow-lists next URLs by rejecting strings containing https:// or http:// substrings, then constructs https://request.hostnexturl and the JS client redirects via...

6.1CVSS5.5AI score0.00153EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 3:36 p.m.16 views

CVE-2026-45566

Roxy-WI unauthenticated login flow flaw (affecting 8.2.6.4 and prior) allows an open redirect via the next parameter. The code rejects strings containing https:// or http:// but then builds https://{request.host}{next_url} and redirects with window.location.replace(), not accounting for userinfo@...

6.1CVSS5.5AI score0.00153EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 3:36 p.m.31 views

CVE-2026-45566 Roxy-WI: Open redirect on /login?next= via basic-auth userinfo syntax bypass

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the login flow allow-lists next URLs by rejecting strings containing https:// or http:// substrings, then constructs https://request.hostnexturl and the JS client redirects via...

6.1CVSS0.00153EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 3:36 p.m.10 views

EUVD-2026-36063

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the login flow allow-lists next URLs by rejecting strings containing https:// or http:// substrings, then constructs https://request.hostnexturl and the JS client redirects via...

6.1CVSS5.5AI score0.00153EPSS
Exploits0References1
Rows per page
Query Builder