Lucene search
K

27 matches found

RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.12 views

CVE-2026-45563

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history// re-uses the serverip path parameter as a user-id when service == 'user', with no authorization check. Any authenticated user — even a guest in an unrelated group —...

4.3CVSS5.5AI score0.00176EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 3:16 p.m.13 views

CVE-2026-45563

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history// re-uses the serverip path parameter as a user-id when service == 'user', with no authorization check. Any authenticated user — even a guest in an unrelated group —...

4.3CVSS0.00176EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:3 p.m.13 views

EUVD-2026-36043

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history// re-uses the serverip path parameter as a user-id when service == 'user', with no authorization check. Any authenticated user — even a guest in an unrelated group —...

4.3CVSS5.5AI score0.00176EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 2:3 p.m.9 views

CVE-2026-45563 Roxy-WI: IDOR — any authenticated user can read another user's full action history

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history// re-uses the serverip path parameter as a user-id when service == 'user', with no authorization check. Any authenticated user — even a guest in an unrelated group —...

4.3CVSS5.5AI score0.00176EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 2:3 p.m.21 views

CVE-2026-45563

CVE-2026-45563 affects Roxy-WI, a web interface for managing HAProxy, Nginx, Apache and Keepalived. In versions ≤ 8.2.6.4, GET /history// re-uses the server_ip path parameter as a user-id when service == 'user', without any authorization check. This enables any authenticated user (including a gue...

4.3CVSS5.5AI score0.00176EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.18 views

PT-2026-48441

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history// re-uses the server ip path parameter as a user-id when service == 'user', with no authorization check. Any authenticated user — even a guest in an unrelated group —...

4.3CVSS5.5AI score0.00176EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.14 views

Roxy-WI 安全漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Roxy-WI versions 8.2.6.4 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of authorization checks for the GET /history/ route when the service is set to user...

4.3CVSS5.3AI score0.00176EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

Zulip 访问控制错误漏洞

Zulip is a powerful open-source chat application developed by the US company Zulip. It combines the immediacy of real-time conversations with the productivity benefits of threaded dialogue. Prior to Zulip 12.0, there was an access control vulnerability. This vulnerability occurred when...

6.5CVSS5.8AI score0.00247EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/04 1:20 p.m.5 views

CVE-2026-0909

The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the wpulikedeletehistoryapi AJAX action not verifying that the log entry being deleted belongs to the current user. This makes it possible for...

5.3CVSS5.5AI score0.00338EPSS
Exploits0References1
Veracode
Veracode
added 2025/11/17 7:37 a.m.6 views

Improper Access Control

formcms is vulnerable to Improper Access Control. The vulnerability is due to insufficient authentication checks on the /api/schemas/history/schemaId endpoint, which allows an attacker to access historical schema data if a valid schemaId is known or guessed...

6.5CVSS7.1AI score0.00306EPSS
Exploits0References5Affected Software1
Packet Storm
Packet Storm
added 2025/10/22 12:0 a.m.159 views

📄 Log2Space Subscriber Management Software 1.1 SQL Injection

Log2Space Subscriber Management Software version 1.1 suffers from an unauthenticated remote SQL injection vulnerability. Author: Aditya Patil [email protected] Rohan Patil [email protected] CVE-2025-56450 Unauthenticated SQL Injection in Log2Space Subscriber Management Software...

6.5CVSS8.3AI score0.00307EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2025/10/21 12:0 a.m.3 views

CVE-2025-56450

Log2Space Subscriber Management Software 1.1 is vulnerable to unauthenticated SQL injection via the leadid parameter in the /l2s/api/selfcareLeadHistory endpoint. A remote attacker can exploit this by sending a specially crafted POST request, resulting in the execution of arbitrary SQL queries. T...

7.9AI score0.00307EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/10/01 12:42 a.m.15 views

CVE-2025-55797

An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/schemaId endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed...

6.5CVSS7AI score0.00306EPSS
Exploits0References1
OSV
OSV
added 2025/09/30 6:30 p.m.4 views

GHSA-6CWX-42HW-W69C FormCMS has an improper access control vulnerability in the /api/schemas/history/[schemaId] endpoint

An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/schemaId endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed...

6.9CVSS6.9AI score0.00306EPSS
Exploits0References5
NVD
NVD
added 2025/09/30 4:15 p.m.5 views

CVE-2025-55797

An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/schemaId endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed...

6.5CVSS0.00306EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/30 12:0 a.m.5 views

FormCMS 安全漏洞

FormCMS is a page designer for formcms individual developers. A security vulnerability exists in FormCms version 0.5.4, which stems from improper access control of the /api/schemas/history/schemaId endpoint, which could lead to unauthenticated attackers accessing historical schema data...

6.5CVSS6.5AI score0.00306EPSS
Exploits0References3
OSV
OSV
added 2025/09/30 12:0 a.m.6 views

CVE-2025-55797

An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/schemaId endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed...

6.5CVSS7AI score0.00306EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/09/30 12:0 a.m.2 views

CVE-2025-55797

An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/schemaId endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed...

6.6AI score0.00306EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.8 views

PT-2025-40005

Name of the Vulnerable Software and Affected Versions FormCms version 0.5.4 Description An access control issue exists in FormCms version 0.5.4. An unauthenticated attacker can access historical schema data via the /api/schemas/history/schemaId API endpoint if a valid schemaId is known or guessed...

6.9CVSS6.6AI score0.00306EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2024/08/22 12:0 a.m.8 views

PT-2024-30132 · Unknown · Kashipara Bus Ticket Reservation System

Name of the Vulnerable Software and Affected Versions: Kashipara Bus Ticket Reservation System version 1.0 Description: A Stored Cross Site Scripting XSS issue was found in the "/history.php" endpoint, allowing remote attackers to execute arbitrary code via the Name, Phone, and Email parameter...

5.4CVSS6.8AI score0.00415EPSS
Exploits1References7
Rows per page
Query Builder