5 matches found
EUVD-2026-36042
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the /smon/agent/version,uptime,status,checks/ family of routes takes the URL path component verbatim into requests.getf'http://serverip:agentport/...'. The path component is...
OpenClaw: Write-scoped callers could reach admin-only session reset logic through `agent`
Summary In affected versions of openclaw, a gateway caller with operator.write could issue agent requests containing /new or /reset and reach the same reset path used by the admin-only sessions.reset RPC. Impact On gateways where a caller is intentionally granted operator.write but not...
CVE-2025-6283
The CVE-2025-6283 entry concerns xataio Xata Agent up to version 0.3.0. A path traversal flaw in the GET handler of apps/dbagent/src/app/api/evals/route.ts arises from argument manipulation. Upgrading to version 0.3.1 mitigates the issue; the patch is named 03f27055e0cf5d4fa7e874d34ce8c74c7b9086c...
CVE-2021-23021
The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644...
CVE-2020-10138
Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkinsagent. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can...