389 matches found
EUVD-2025-18064
Malicious code in bioql PyPI...
EUVD-2024-41492
Malicious code in bioql PyPI...
EUVD-2024-41491
Malicious code in bioql PyPI...
EUVD-2024-39461
Malicious code in bioql PyPI...
EUVD-2025-18065
Malicious code in bioql PyPI...
EUVD-2024-37272
Malicious code in bioql PyPI...
EUVD-2022-31329
Malicious code in bioql PyPI...
EUVD-2024-41554
Malicious code in bioql PyPI...
The vulnerability of the software platform for managing execution environments of virtual machines in Apache CloudStack lies in the insecure management of privileges, allowing attackers to escalate their privileges.
The vulnerability of the software platform that manages virtual machine environments in Apache CloudStack relates to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
The vulnerability of the software platform for managing execution environments of Apache CloudStack, related to information disclosure, allows a hacker to gain unauthorized access to protected information.
The vulnerability of the software platform that manages virtual machine environments in Apache CloudStack is related to information disclosure. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the software platform for managing execution environments of Apache CloudStack, related to insufficient protection of operational data, allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the software platform that manages virtual machine environments in Apache CloudStack is related to insufficient protection of operational data. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality and integrity of the protected...
Apache CloudStack Elevation of Privilege Vulnerability
Apache CloudStack is a suite of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. Apache CloudStack has a security vulnerability that can be exploited ...
Apache CloudStack elevation of privilege vulnerability (CNVD-2025-20874)
Apache CloudStack is a suite of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. Apache CloudStack has a security vulnerability that can be exploited ...
Apache CloudStack Authorization Issues Vulnerability
Apache CloudStack is a suite of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. An authorization issue vulnerability exists in Apache CloudStack...
Apache CloudStack Information Disclosure Vulnerability (CNVD-2025-15706)
Apache CloudStack is a suite of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. Apache CloudStack suffers from an information disclosure vulnerabilit...
CVE-2025-47713
A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of Admin role type. This operation is not appropriately restricted and allows the attacker to assume...
CVE-2025-30675
In Apache CloudStack, a flaw in access control affects the listTemplates and listIsos APIs. A malicious Domain Admin or Resource Admin can exploit this issue by intentionally specifying the 'domainid' parameter along with the 'filter=self' or 'filter=selfexecutable' values. This allows the attack...
CVE-2025-47849
A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This operation is not appropriately restricted and...
CVE-2025-22829
The CloudStack Quota plugin has an improper privilege management logic in version 4.20.0.0. Anyone with authenticated user-account access in CloudStack 4.20.0.0 environments, where this plugin is enabled and have access to specific APIs can enable or disable reception of quota-related emails for...
CVE-2025-26521
When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based...