CVE-2026-54911 vulnerabilities

Vulnerabilities for packages: openstack-glance-2025.1-fips, datahub-ingestion, openstack-horizon-2025.1-fips, openstack-glance-2025.2-fips, openstack-horizon-2025.2-fips, openstack-horizon-2026.1-fips, openstack-placement-2025.2, openstack-placement-2025.1-fips, openstack-placement-2025.2-fips,...

GHSA-3J69-69WJ-XQX2 vulnerabilities

Vulnerabilities for packages: openstack-glance-2025.1-fips, datahub-ingestion, openstack-horizon-2025.1-fips, openstack-glance-2025.2-fips, openstack-horizon-2025.2-fips, openstack-horizon-2026.1-fips, openstack-placement-2025.2, openstack-placement-2025.1-fips, openstack-placement-2025.2-fips,...

GHSA-6V7P-G79W-8964 vulnerabilities

Vulnerabilities for packages: openstack-glance-2025.1-fips, openstack-keystone-2025.1-fips, openstack-placement-2025.2, openstack-placement-2025.2-fips, openstack-placement-2025.1, dbt-core, openstack-placement-2026.1, openstack-horizon-2025.1, dask-kubernetes, authentik-fips, lmcache-cuda-12.8,...

CVE-2026-55748

A flaw was found in OpenStack Horizon. This vulnerability allows a highly privileged remote attacker, with user interaction, to craft a project name containing shell metacharacters. When scripts for OpenStack RC file downloading are produced, these metacharacters may be processed, potentially...

OpenStack Horizon RC file generation does not escape special characters in project names

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...

CVE-2026-55748

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...

UBUNTU-CVE-2026-55748

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...

EUVD-2026-37723

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...

CVE-2026-55748

OpenStack Horizon prior to 25.7.4 can generate scripts for downloading OpenStack RC files where a crafted project name containing shell metacharacters is possible. The description notes this as a security hardening opportunity rather than a vulnerability, and the CVSS 3.1 metrics indicate a MEDIU...

CVE-2026-55748

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...

CVE-2026-55748

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability...

Exploit for CVE-2019-5513

VMware Horizon /broker/xml Vulnerability Scanner !Security...

SEC-Bench Pro: Can Language Models Solve Long-Horizon Software Security Tasks?

Large language models LLMs now support automated software security tasks, including vulnerability discovery and proof-of-concept PoC generation. Existing benchmarks do not faithfully evaluate LLMs in real-world bug hunting scenarios because they rely on fuzzing harnesses, target-specific...

CVE-2026-43002

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

EUVD-2026-27406

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

Incorrect Behavior Order

Overview Affected versions of this package are vulnerable to Incorrect Behavior Order due to a write operation to the session storage backend occurring before authentication. An attacker can exhaust storage resources by sending unauthenticated requests. Remediation Upgrade horizon to version 25.7...

GHSA-VXVF-XVM3-P8J5 OpenStack Horizon has Incorrect Behavior Order

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

OpenStack Horizon has Incorrect Behavior Order

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

CVE-2026-43002

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

CVE-2026-43002

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...