Lucene search
+L

8 matches found

vulnrichment
vulnrichment
added 2026/05/05 12:0 a.m.8 views

CVE-2026-42997

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...

7.7CVSS5.8AI score0.0044EPSS
Exploits0References2
osv
osv
added 2026/05/05 12:0 a.m.2 views

CVE-2026-42997

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...

7.7CVSS6AI score0.0044EPSS
Exploits0References9
snyk
snyk
added 2026/04/28 6:30 a.m.8 views

Unsafe Dependency Resolution

Overview ironic is an OpenStack Bare Metal Provisioning Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the ipmitool process when a non-default configuration enables a console interface. An attacker can execute unauthorized commands by leveraging access to the...

7.5CVSS5.9AI score0.0057EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/04/09 2:34 p.m.3 views

CVE-2026-34578

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an LDAP search filter without calling ldapescape. An unauthenticated attacker can inject LDAP filter metacharacters into the username field ...

8.2CVSS5.9AI score0.00415EPSS
Exploits1References3Affected Software1
euvd
euvd
added 2026/04/09 2:34 p.m.44 views

EUVD-2026-20896

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an LDAP search filter without calling ldapescape. An unauthenticated attacker can inject LDAP filter metacharacters into the username field ...

8.2CVSS5.9AI score0.00415EPSS
Exploits1References2
cvelist
cvelist
added 2026/04/09 2:34 p.m.18 views

CVE-2026-34578 OPNsense has an LDAP Injection via Unsanitized Username in Authentication

OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an LDAP search filter without calling ldapescape. An unauthenticated attacker can inject LDAP filter metacharacters into the username field ...

8.2CVSS0.00415EPSS
Exploits1References2
cve
cve
added 2026/04/09 2:34 p.m.39 views

CVE-2026-34578

OPNsense prior to 26.1.6 exposes LDAP injection risk in the WebGUI login: the LDAP authentication connector inserts the username directly into the LDAP search filter without escaping. An unauthenticated attacker can inject LDAP metacharacters to enumerate valid LDAP usernames. If the LDAP server ...

8.2CVSS5.9AI score0.00415EPSS
Exploits1References2Affected Software1
cnnvd
cnnvd
added 2026/04/09 12:0 a.m.13 views

Deciso OPNsense 安全漏洞

Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Prior to version 26.1.6, there were security vulnerabilities in OPNsense. These vulnerabilities stemmed from the LDAP authentication connector, which directly passed the...

8.2CVSS5.8AI score0.00415EPSS
Exploits1References2
Rows per page
Query Builder