Lucene search
+L

303 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/24 1:55 a.m.3 views

CVE-2026-33077

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxysectionsave interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue...

8.7CVSS5.8AI score0.00428EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/24 1:55 a.m.33 views

CVE-2026-33077 Roxy-WI has an arbitrary file read vulnerability

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxysectionsave interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue...

8.7CVSS0.00428EPSS
Exploits1References2
CVE
CVE
added 2026/04/24 1:55 a.m.17 views

CVE-2026-33077

CVE-2026-33077 affects Roxy-WI, a web interface for managing HAProxy, Nginx, Apache and Keepalived. The vulnerability is an arbitrary file read in the oldconfig parameter of the haproxy_section_save interface, present before version 8.2.6.4. Upgrading to 8.2.6.4 fixes the issue. The CVSS metrics ...

8.7CVSS5.8AI score0.00428EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/24 1:55 a.m.4 views

CVE-2026-33077 Roxy-WI has an arbitrary file read vulnerability

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxysectionsave interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue...

8.7CVSS6AI score0.00428EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/24 1:52 a.m.35 views

CVE-2026-33076 Roxy-WI vulnerable to path traversal and arbitrary file writing

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxysectionsave interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the iss...

9.3CVSS0.0082EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/24 1:52 a.m.5 views

CVE-2026-33076

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxysectionsave interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the iss...

9.3CVSS6.4AI score0.0082EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/04/24 1:52 a.m.44 views

CVE-2026-33076

Roxy-WI is vulnerable in the haproxy_section_save interface prior to version 8.2.6.4. The issue is a path traversal that can write into scheduled tasks, enabling remote code execution. Version 8.2.6.4 fixes the issue. (Exploitation details are not provided in the documents.)

9.8CVSS6.4AI score0.0082EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/24 1:52 a.m.9 views

CVE-2026-33076 Roxy-WI vulnerable to path traversal and arbitrary file writing

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxysectionsave interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the iss...

9.3CVSS6.3AI score0.0082EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/24 1:52 a.m.9 views

EUVD-2026-25375

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxysectionsave interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the iss...

9.3CVSS6.4AI score0.0082EPSS
Exploits1References2
OSV
OSV
added 2026/04/24 1:52 a.m.4 views

CVE-2026-33076 Roxy-WI vulnerable to path traversal and arbitrary file writing

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxysectionsave interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the iss...

9.3CVSS6.6AI score0.0082EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.10 views

Roxy-WI 路径遍历漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions prior to Roxy-WI 8.2.6.4 contained a path traversal vulnerability. This vulnerability stemmed from issues with the haproxysectionsave interface, involving path traversal and the executio...

9.8CVSS6.3AI score0.0082EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.10 views

Roxy-WI SQL注入漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions prior to Roxy-WI 8.2.6.4 contained a SQL injection vulnerability. This vulnerability stemmed from the serverip parameter in the haproxy-sectionsave function being inserted into the SQL...

9.8CVSS5.9AI score0.00352EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.16 views

PT-2026-34833

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxy section save interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the...

9.3CVSS6.4AI score0.0082EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.14 views

PT-2026-34834

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxy section save interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue...

8.7CVSS5.8AI score0.00428EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.11 views

PT-2026-34836

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the /config/ /find-in-config endpoint in Roxy-WI fails to sanitize the user-supplied words parameter before embedding it into a shell command string that is subsequently executed on a...

8.7CVSS6.2AI score0.0066EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.18 views

Roxy-WI 路径遍历漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions prior to Roxy-WI 8.2.6.4 contained a path traversal vulnerability, which stemmed from a vulnerability in the oldconfig parameter of the haproxysectionsave interface, allowing arbitrary...

8.7CVSS5.9AI score0.00428EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/20 8:26 p.m.2 views

CVE-2026-33432

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search filter by directly concatenating the user-supplied login username into the filter string without...

8.7CVSS5.7AI score0.00423EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/20 8:26 p.m.4 views

CVE-2026-33432 Roxy-WI has Pre-Authentication LDAP Injection that Leads to Authentication Bypass

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search filter by directly concatenating the user-supplied login username into the filter string without...

8.7CVSS5.7AI score0.00423EPSS
Exploits1References2
CVE
CVE
added 2026/04/20 8:26 p.m.31 views

CVE-2026-33432

CVE-2026-33432 affects Roxy-WI up to version 8.2.8.2. When LDAP authentication is enabled, the code concatenates the login username directly into the LDAP search filter without escaping special characters, enabling an unauthenticated attacker to inject LDAP metacharacters, manipulate the query, a...

9.1CVSS5.7AI score0.00423EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/04/20 8:26 p.m.10 views

EUVD-2026-23968

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search filter by directly concatenating the user-supplied login username into the filter string without...

8.7CVSS5.7AI score0.00423EPSS
Exploits1References2
Rows per page
Query Builder