Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22374
Total
1599
Critical
6838
High
7169
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-45563 | MEDIUM | 4.3 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history/<service>/<server_ip> re-uses the server_ip path parameter … | Jun 10, 2026 |
| CVE-2026-45561 | MEDIUM | 6.5 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the /smon/agent/{version,uptime,status,checks}/<server_ip> family of routes takes the … | Jun 10, 2026 |
| CVE-2026-45560 | MEDIUM | 6.1 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrap_line (app/modules/common/common.py:181-186) and highlight_word (app/modules/common/common.py:188-192) build raw … | Jun 10, 2026 |
| CVE-2026-45559 | MEDIUM | 4.9 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, get_ldap_email (app/modules/roxywi/user.py:120-157) builds the LDAP search filter … | Jun 10, 2026 |
| CVE-2026-45558 | CRITICAL | 9.9 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints (POST /api/service/haproxy/<server_id>/section/<section_type> and … | Jun 10, 2026 |
| CVE-2026-45556 | CRITICAL | 9.9 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf/<service>/<server_ip>/rule/<rule_id>/save accepts a config_file_name form field … | Jun 10, 2026 |
| CVE-2026-45552 | CRITICAL | 9.9 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.before_request → … | Jun 10, 2026 |
| CVE-2026-45550 | CRITICAL | 9.1 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, PUT /smon/check (app/routes/smon/routes.py:117-138) gates only on roxywi_common.check_user_group_for_flask() … | Jun 10, 2026 |
| CVE-2026-45549 | HIGH | 8.5 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agent_action (app/routes/smon/agent_routes.py:166-179) has decorators @bp.post('/agent/action/<action>') and @jwt_required() … | Jun 10, 2026 |
| CVE-2026-11884 | MEDIUM | 6.5 | A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the oc_superior (SUP) field length is omitted from buffer size … | Jun 10, 2026 |
| CVE-2025-10238 | MEDIUM | 6.7 | During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user … | Jun 10, 2026 |
| CVE-2025-10237 | MEDIUM | 6.7 | During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform … | Jun 10, 2026 |
| CVE-2026-9758 | HIGH | 7.3 | Improper comparison with the certificates trusted list in S2OPC allows an attacker well-formed untrusted certificate to be considered trusted | Jun 10, 2026 |
| CVE-2026-53442 | MEDIUM | 5.3 | Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job … | Jun 10, 2026 |
| CVE-2026-53441 | UNKNOWN | — | Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could … | Jun 10, 2026 |
| CVE-2026-53440 | MEDIUM | 4.3 | Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe … | Jun 10, 2026 |
| CVE-2026-53439 | MEDIUM | 4.3 | Missing permission checks in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allow attackers with Overall/Read permission to determine other users' configured timezone and to … | Jun 10, 2026 |
| CVE-2026-53438 | MEDIUM | 4.3 | A missing permission check in Jenkins 2.567 and earlier, LTS 2.555.2 and earlier allows attackers with Item/Cancel permission, but lacking Item/Read permission, to cancel queue … | Jun 10, 2026 |
| CVE-2026-53437 | MEDIUM | 4.3 | Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains tab … | Jun 10, 2026 |
| CVE-2026-53436 | MEDIUM | 4.3 | Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins when it contains relative … | Jun 10, 2026 |
| CVE-2026-53435 | HIGH | 8.8 | In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins core or … | Jun 10, 2026 |
| CVE-2026-52759 | MEDIUM | 5.5 | Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can … | Jun 10, 2026 |
| CVE-2026-52758 | HIGH | 8.8 | Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote … | Jun 10, 2026 |
| CVE-2026-52757 | MEDIUM | 4.4 | Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafting a … | Jun 10, 2026 |
| CVE-2026-52756 | MEDIUM | 4.8 | Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operations … | Jun 10, 2026 |