15 matches found

NVD
added 2026/06/10 3:16 p.m. · 17 views

CVE-2026-45550

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check (app/routes/smon/routes.py:117-138) gates only on roxywi_common.check_user_group_for_flask, which validates that the caller has some group, not that the target check_id...

CVSS 9.1 · EPSS 0.00196
Exploits: 0 · References: 1
Cvelist
added 2026/06/10 2:0 p.m. · 34 views

CVE-2026-45550 Roxy-WI: IDOR on PUT /smon/check — any user can rewrite any tenant's monitoring URL/IP/body

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check (app/routes/smon/routes.py:117-138) gates only on roxywi_common.check_user_group_for_flask, which validates that the caller has some group, not that the target check_id...

CVSS 9.1 · EPSS 0.00196
Exploits: 0 · References: 1
CVE
added 2026/06/10 2:0 p.m. · 13 views

CVE-2026-45550

Roxy-WI exposes an IDOR on PUT /smon/check in versions ≤ 8.2.6.4. The flaw gates only on roxywi_common.check_user_group_for_flask(), validating the caller has some group rather than that the target check_id belongs to it. Downstream update_smon, update_smonHttp, update_smonTcp, update_smonPing, a...

CVSS 9.1 · AI score 5.8 · EPSS 0.00196
Exploits: 0 · References: 1
EUVD
added 2026/06/10 2:0 p.m. · 7 views

EUVD-2026-36037

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check (app/routes/smon/routes.py:117-138) gates only on roxywi_common.check_user_group_for_flask, which validates that the caller has some group, not that the target check_id...

CVSS 9.1 · AI score 5.7 · EPSS 0.00196
Exploits: 0 · References: 1
Positive Technologies
added 2026/02/11 12:0 a.m. · 5 views

PT-2026-7635

Name of the Vulnerable Software and Affected Versions MedusaJS versions prior to 2.12.2 Description A race condition exists in the registerUsage function within the promotion module. This function uses a non-atomic read-check-update process when managing promotion usage limits. This allows...

CVSS 8.1 · AI score 5.5 · EPSS 0.00351
Exploits: 1 · References: 5
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-54034

Malicious code in bioql PyPI...

CVSS 5.5 · AI score 5.5 · EPSS 0.0014
Exploits: 0 · References: 2
CVE
added 2025/08/22 1:1 p.m. · 51 views

CVE-2025-38618

CVE-2025-38618 concerns the Linux kernel where a vsock could autobind to VMADDR_PORT_ANY, risking a use-after-free on connection to the bound socket. The fix updates __vsock_bind_connectible() to also prevent binding to VMADDR_PORT_ANY. Connected sources (e.g., Astra Linux, Debian LTS advisories,...

CVSS 7.8 · AI score 6.6 · EPSS 0.00152
Exploits: 0 · References: 11 · Affected Software: 1
OpenVAS
added 2025/07/03 12:0 a.m. · 2 views

openSUSE Security Advisory (SUSE-SU-2025:02191-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.3 · AI score 6.9 · EPSS 0.00296
Exploits: 0 · References: 4
OSV
added 2025/02/26 2:11 a.m. · 10 views

CVE-2022-49361 f2fs: fix to do sanity check for inline inode

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check for inline inode Yanming reported a kernel bug in Bugzilla kernel 1, which can be reproduced. The bug message is: The kernel message is shown below: kernel BUG at fs/inode.c:611! Call Trace:...

CVSS 5.5 · AI score 4.9 · EPSS 0.0024
Exploits: 0 · References: 8
Positive Technologies
added 2024/05/22 12:0 a.m. · 6 views

PT-2024-15571 · WordPress · Ai Chatbot

Name of the Vulnerable Software and Affected Versions: AI ChatBot plugin for WordPress versions up to, and including, 5.3.4 Description: The issue is related to a missing capability check on the openai file upload callback function, allowing authenticated attackers with subscriber-level access an...

CVSS 7.7 · AI score 6.3 · EPSS 0.00363
Exploits: 0 · References: 8
CNNVD
added 2024/04/15 12:0 a.m. · 3 views

LoLLMs Security Vulnerability

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs that stems from inadequate protection of sensitive endpoints, allowing unauthorized access to endpoints such as /restartprogram, /updatesoftware, /,...

CVSS 8.2 · AI score 8.1 · EPSS 0.00701
Exploits: 1 · References: 4
Positive Technologies
added 2023/01/17 12:0 a.m. · 4 views

PT-2023-33247 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.82 Description: The issue concerns a potential security vulnerability in the Linux Kernel. It involves a null check before removing sysfs attributes, specifically related to the coretemp component of the...

AI score 7.3
Exploits: 0 · References: 1
Positive Technologies
added 2022/11/16 12:0 a.m. · 3 views

PT-2022-36770 · Git +1 · Archive

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read crash. Technical details include the crash type being Heap-buffer-overflow READ 16, and the crash sta...

AI score 6.8
Exploits: 0 · References: 2
Kitploit
added 2019/10/22 9:0 p.m. · 23 views

Password Lense - Reveal Character Types In A Password

What is this? Certain characters in passwords 'O' and '0', 'I' and 'l', etc. can be hard to identify when you need to type them in and copy-paste is unavailable. Password Lense is a small web application that provides a quick and secure way to get a more informative view of your password. Feature...

AI score 7.3
Exploits: 0 · References: 1
Android Security Bulletins
added 2019/03/04 12:0 a.m. · 80 views

Android Security Bulletin — March 2019

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2019-03-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

CVSS 10 · AI score 8.1 · EPSS 0.09683
Exploits: 1