Lucene search
K

7 matches found

NVD
NVD
added 2026/06/10 3:16 p.m.16 views

CVE-2026-45559

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, getldapemail app/modules/roxywi/user.py:120-157 builds the LDAP search filter via f-string concatenation. The username URL path parameter is taken verbatim — no checkAjaxInput, no...

4.9CVSS0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:2 p.m.9 views

EUVD-2026-36040

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, getldapemail app/modules/roxywi/user.py:120-157 builds the LDAP search filter via f-string concatenation. The username URL path parameter is taken verbatim — no checkAjaxInput, no...

4.9CVSS5.5AI score0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:0 p.m.9 views

EUVD-2026-36037

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check app/routes/smon/routes.py:117-138 gates only on roxywicommon.checkusergroupforflask — which validates that the caller has some group, not that the target checkid...

9.1CVSS5.7AI score0.00196EPSS
Exploits0References1
OSV
OSV
added 2026/01/15 4:27 p.m.6 views

CVE-2026-22265 Roxy-WI has a Command Injection via grep parameter in logs.py allows authenticated RCE

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...

7.5CVSS7.8AI score0.02117EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.9 views

PT-2026-3072

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated users to execute arbitrary system commands. The vulnerability is in app/modules/roxywi/logs.py...

7.5CVSS7.9AI score0.02117EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/01/03 12:0 a.m.3 views

Roxy-WI 操作系统命令注入漏洞

Roxy-WI is a Roxy-WI open source web interface for managing Haproxy, Nginx and Keepalived servers. An operating system command injection vulnerability exists in Roxy-WI 8.1.3 and earlier versions, which stems from the parameter action/service in the actionservice function of the file...

9CVSS8.9AI score0.17797EPSS
Exploits0References8
CVE
CVE
added 2022/07/06 12:0 a.m.71 views

CVE-2022-31125

CVE-2022-31125: Roxy-WI authentication bypass vulnerability allowing remote, unauthenticated access to admin functionality via a crafted HTTP request. Affected: Roxy-WI before 6.1.1.0. Exploitation exists (exploit-db/poC references). Remediation: upgrade to version 6.1.1.0 or later; exploit examp...

10CVSS9.7AI score0.15929EPSS
Exploits3References2Affected Software1
Rows per page
Query Builder