Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

roxy-wi — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting roxy-wi. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Roxy-WI is a web interface for managing HAProxy, Nginx, and Keepalived, primarily used for load balancer configuration and monitoring. Historically, it has been vulnerable to multiple security issues including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation vulnerabilities. The application has accumulated 9 CVEs to date, with several allowing unauthenticated attackers to execute arbitrary commands or bypass security controls. Notable characteristics include its exposure of sensitive system information and insufficient input validation in multiple components. While no major public incidents have been widely documented, the consistent discovery of critical vulnerabilities in its codebase highlights ongoing security concerns for administrators deploying this tool in production environments.

Top products by roxy-wi: roxy-wi
CVE IDTitleCVSSSeverityPublished
CVE-2026-33208 Roxy-WI Vulnerable to Authenticated Remote Code Execution via OS Command Injection in find-in-config Endpoint — roxy-wiCWE-78 8.8AIHighAI2026-04-24
CVE-2026-33078 Roxy-WI has SQL Injection in haproxy_section_save Endpoint via Unsanitized server_ip Parameter — roxy-wiCWE-89 9.8AICriticalAI2026-04-24
CVE-2026-33077 Roxy-WI has an arbitrary file read vulnerability — roxy-wiCWE-22 7.5AIHighAI2026-04-24
CVE-2026-33076 Roxy-WI vulnerable to path traversal and arbitrary file writing — roxy-wiCWE-22 9.8AICriticalAI2026-04-24
CVE-2026-33432 Roxy-WI has Pre-Authentication LDAP Injection that Leads to Authentication Bypass — roxy-wiCWE-287 7.5AIHighAI2026-04-20
CVE-2026-33431 Roxy-WI Vulnerable to Authenticated Arbitrary File Read via Path Traversal in Config Version Viewer — roxy-wiCWE-24 8.1AIHighAI2026-04-20
CVE-2026-27811 Roxy-WI has a Command Injection via diff parameter in config comparison allows authenticated RCE — roxy-wiCWE-77 8.8 High2026-03-17
CVE-2026-22265 Roxy-WI has a Command Injection via grep parameter in logs.py allows authenticated RCE — roxy-wiCWE-78 7.5 High2026-01-15
CVE-2024-43804 OS Command Injection via Port Scan Functionality in Roxy-WI — roxy-wiCWE-78 8.8 High2024-08-29

This page lists every published CVE security advisory associated with roxy-wi. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.