Vulnerabilities in roxy-wi
23 results

CVE-2024-43804 | HIGH | OS Command Injection via Port Scan Functionality in Roxy-WI | EPSS 2.5%
CVE-2026-22265 | HIGH | Roxy-WI has a Command Injection via grep parameter in logs.py allows authenticated RCE | EPSS 2.1%
CVE-2026-27811 | HIGH | Roxy-WI has a Command Injection via diff parameter in config comparison allows authenticated RCE | EPSS 2.0%
CVE-2026-33076 | HIGH | Roxy-WI vulnerable to path traversal and arbitrary file writing | EPSS 0.8%
CVE-2026-33208 | HIGH | Roxy-WI Vulnerable to Authenticated Remote Code Execution via OS Command Injection in find-in-config Endpoint | EPSS 0.7%
CVE-2026-45558 | CRITICAL | Roxy-WI: Authenticated RCE on every managed HAProxy load balancer via `option` field config injection in section save | EPSS 0.4%
CVE-2026-33077 | HIGH | Roxy-WI has an arbitrary file read vulnerability | EPSS 0.4%
CVE-2026-33432 | HIGH | Roxy-WI has Pre-Authentication LDAP Injection that Leads to Authentication Bypass | EPSS 0.4%
CVE-2026-33431 | MEDIUM | Roxy-WI Vulnerable to Authenticated Arbitrary File Read via Path Traversal in Config Version Viewer | EPSS 0.4%
CVE-2026-45556 | CRITICAL | Roxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name` | EPSS 0.4%
CVE-2026-33078 | HIGH | Roxy-WI has SQL Injection in haproxy_section_save Endpoint via Unsanitized server_ip Parameter | EPSS 0.4%
CVE-2026-45569 | HIGH | Roxy-WI: Path-traversal patch in commit d4d10006 is a no-op (tuple-membership bug) | EPSS 0.3%
CVE-2026-45565 | HIGH | Roxy-WI: EscapedString validator skips its '..' block when stripping (root cause for several path-traversal/RCE vectors) | EPSS 0.3%
CVE-2026-45564 | HIGH | Roxy-WI: Authenticated RCE via 'configver' URL parameter (os.system sink in /config/versions/.../save) | EPSS 0.3%
CVE-2026-45552 | CRITICAL | Roxy-WI: Cross-tenant authorization bypass on /install/* — guest can run Ansible / SSH on every registered server | EPSS 0.3%
CVE-2026-45567 | HIGH | Roxy-WI: Authentication bypass via 'api' substring in URL + unauthenticated /api/gpt | EPSS 0.2%
CVE-2026-45559 | MEDIUM | Roxy-WI: LDAP injection in /user/ldap/<username> (admin-only) | EPSS 0.2%
CVE-2026-45561 | MEDIUM | Roxy-WI: SSRF in /smon/agent/<endpoint>/<server_ip> reachable to cloud metadata IPs | EPSS 0.2%
CVE-2026-45549 | HIGH | Roxy-WI: Authorization bypass on POST /smon/agent/action/<action> — guest can stop or restart smon-agent on any host | EPSS 0.2%
CVE-2026-45550 | CRITICAL | Roxy-WI: IDOR on PUT /smon/check — any user can rewrite any tenant's monitoring URL/IP/body | EPSS 0.2%