Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-50221 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-50221)
SSRF in ssrf (CVE-2026-50221). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-46448 |
|
Vulnerability in nova (CVE-2026-46448)
vulnerability in nova (CVE-2026-46448). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-50589 |
|
Vulnerability in openstack (CVE-2026-50589)
vulnerability in openstack (CVE-2026-50589). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-48681 |
|
Vulnerability in path-traversal (CVE-2026-48681)
vulnerability in path-traversal (CVE-2026-48681). Confidential information can be exposed externally.
|
| CVE-2026-44917 |
|
Vulnerability in openstack (CVE-2026-44917)
vulnerability in openstack (CVE-2026-44917). Confidential information can be exposed externally.
|
| CVE-2026-46447 |
|
OpenStack Ironic through 35.0.x allows Boot Script Injection.
OpenStack Ironic through 35.0.x allows Boot Script Injection.
|
| CVE-2026-44394 |
|
Authorization Flaw in keystone (CVE-2026-44394)
vulnerability in keystone (CVE-2026-44394). Risk of unauthorized operations or information disclosure. Exploitable via `POST /v3/auth/tokens`. Mitigation: upgrade to `29.0.2` or later.
|
| CVE-2026-42998 |
|
Authorization Flaw in keystone (CVE-2026-42998)
vulnerability in keystone (CVE-2026-42998). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `29.0.2` or later.
|
| CVE-2026-42999 |
|
Vulnerability in keystone (CVE-2026-42999)
vulnerability in keystone (CVE-2026-42999). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `29.0.2` or later.
|
| CVE-2026-43000 |
|
Vulnerability in keystone (CVE-2026-43000)
vulnerability in keystone (CVE-2026-43000). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `29.0.2` or later.
|
| CVE-2026-44916 |
|
Vulnerability in CVE-2026-44916 (CVE-2026-44916)
vulnerability in CVE-2026-44916 (CVE-2026-44916). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42997 |
|
Vulnerability in ironic-python-agent (CVE-2026-42997)
vulnerability in ironic-python-agent (CVE-2026-42997). Confidential information can be exposed externally. Mitigation: upgrade to `26.1.6` or later.
|
| CVE-2026-43003 |
|
OS Command Injection in ironic-python-agent (CVE-2026-43003)
OS command injection in ironic-python-agent (CVE-2026-43003). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `11.6.0` or later.
|
| CVE-2026-43001 |
|
Authorization Flaw in keystone (CVE-2026-43001)
vulnerability in keystone (CVE-2026-43001). Confidential information can be exposed externally. Exploitable via `POST /v3/credentials`.
|
| CVE-2026-42510 |
|
Vulnerability in ironic (CVE-2026-42510)
vulnerability in ironic (CVE-2026-42510). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `35.0.1` or later.
|
| CVE-2026-33551 |
|
Authorization Flaw in keystone (CVE-2026-33551)
vulnerability in keystone (CVE-2026-33551). Confidential information can be exposed externally. Mitigation: upgrade to `26.1.1` or later.
|
| CVE-2026-34881 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-34881)
SSRF in ssrf (CVE-2026-34881). Risk of unauthorized operations or information disclosure.
|
| CVE-2018-3639 |
|
Vulnerability in intel (CVE-2018-3639)
vulnerability in intel (CVE-2018-3639). Confidential information can be exposed externally.
|
| CVE-2017-17051 |
|
Vulnerability in dos (CVE-2017-17051)
vulnerability in dos (CVE-2017-17051). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-16613 |
|
Authentication Bypass in swauth (CVE-2017-16613)
authentication bypass in swauth (CVE-2017-16613). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `70af7986265a3defea054c46efc82d0698917298, 1.3.0` or later.
|
| CVE-2017-10379 |
|
Authorization Flaw in c (CVE-2017-10379)
vulnerability in c (CVE-2017-10379). Confidential information can be exposed externally.
|
| CVE-2017-7549 |
|
Vulnerability in instack-undercloud (CVE-2017-7549)
vulnerability in instack-undercloud (CVE-2017-7549). Confidential information can be exposed externally.
|
| CVE-2015-5695 |
|
Vulnerability in dos (CVE-2015-5695)
vulnerability in dos (CVE-2015-5695). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-12440 |
|
Vulnerability in openstack (CVE-2017-12440)
vulnerability in openstack (CVE-2017-12440). Successful exploitation can lead to full system takeover.
|
| CVE-2015-3156 |
|
Vulnerability in openstack (CVE-2015-3156)
vulnerability in openstack (CVE-2015-3156). Data can be tampered with by attackers.
|
| CVE-2015-2687 |
|
Vulnerability in openstack (CVE-2015-2687)
vulnerability in openstack (CVE-2015-2687). Confidential information can be exposed externally.
|
| CVE-2017-7980 |
|
Buffer Overflow in dos (CVE-2017-7980)
vulnerability in dos (CVE-2017-7980). Successful exploitation can lead to full system takeover.
|
| CVE-2017-1000366 |
|
Buffer Overflow in redhat (CVE-2017-1000366)
vulnerability in redhat (CVE-2017-1000366). Successful exploitation can lead to full system takeover.
|
| CVE-2015-7514 |
|
Information Disclosure in openstack (CVE-2015-7514)
vulnerability in openstack (CVE-2015-7514). Confidential information can be exposed externally.
|
| CVE-2017-9214 |
|
Vulnerability in c (CVE-2017-9214)
vulnerability in c (CVE-2017-9214). Successful exploitation can lead to full system takeover. Exploitable via ``ofputil_pull_queue_get_config_reply10``.
|
| CVE-2017-8309 |
|
Vulnerability in c (CVE-2017-8309)
vulnerability in c (CVE-2017-8309). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-8379 |
|
Vulnerability in dos (CVE-2017-8379)
vulnerability in dos (CVE-2017-8379). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-6519 |
|
Cross-Site Scripting (XSS) in redhat (CVE-2016-6519)
cross-site scripting in redhat (CVE-2016-6519). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-7400 |
|
Cross-Site Scripting (XSS) in openstack (CVE-2017-7400)
cross-site scripting in openstack (CVE-2017-7400). Risk of unauthorized operations or information disclosure.
|
| CVE-2014-5009 |
|
Command Injection in snoopy (CVE-2014-5009)
command injection in snoopy (CVE-2014-5009). Successful exploitation can lead to full system takeover.
|
| CVE-2014-5008 |
|
Snoopy allows remote attackers to execute arbitrary commands.
Snoopy allows remote attackers to execute arbitrary commands.
|
| CVE-2008-7313 |
|
Command Injection in snoopy (CVE-2008-7313)
command injection in snoopy (CVE-2008-7313). Successful exploitation can lead to full system takeover.
|
| CVE-2015-8234 |
|
Vulnerability in openstack (CVE-2015-8234)
vulnerability in openstack (CVE-2015-8234). Data can be tampered with by attackers.
|
| CVE-2017-5973 |
|
Vulnerability in c (CVE-2017-5973)
vulnerability in c (CVE-2017-5973). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-7214 |
|
Vulnerability in openstack (CVE-2017-7214)
vulnerability in openstack (CVE-2017-7214). Successful exploitation can lead to full system takeover.
|
| CVE-2017-7200 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2017-7200)
SSRF in ssrf (CVE-2017-7200). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-7103 |
|
Cross-Site Scripting (XSS) in jqueryui (CVE-2016-7103)
cross-site scripting in jqueryui (CVE-2016-7103). Risk of unauthorized operations or information disclosure.
|
| CVE-2016-5737 |
|
Cross-Site Scripting (XSS) in openstack (CVE-2016-5737)
cross-site scripting in openstack (CVE-2016-5737). Risk of unauthorized operations or information disclosure.
|