CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1543 matches found

Github Security Blog•added 2026/05/01 9:30 a.m.•5 views

OpenStack Keystone has an Incorrect Authorization Issue

An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

8CVSS5.8AI score0.00404EPSS

Exploits1References5Affected Software1

OSV•added 2026/05/01 9:30 a.m.•2 views

GHSA-HHQ2-3832-XXCV OpenStack Keystone has an Incorrect Authorization Issue

7.9CVSS5.8AI score0.00404EPSS

Exploits1References5

NVD•added 2026/05/01 9:16 a.m.•1 views

CVE-2026-43001

An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

8CVSS0.00404EPSS

Exploits1References3

UbuntuCve•added 2026/05/01 9:16 a.m.•2 views

CVE-2026-43001

8.5CVSS5.8AI score0.00404EPSS

Exploits1References3

OSV•added 2026/05/01 9:16 a.m.•2 views

UBUNTU-CVE-2026-43001

8CVSS5.8AI score0.00404EPSS

Exploits1References5

Cvelist•added 2026/05/01 12:0 a.m.•26 views

CVE-2026-43001

7.9CVSS0.00404EPSS

Exploits1References3

CVE•added 2026/05/01 12:0 a.m.•12 views

CVE-2026-43001

CVE-2026-43001 affects OpenStack Keystone (versions 13–29) where POST /v3/credentials does not validate that the caller-supplied project_id for an EC2-type credential matches the authenticating application credential’s project. An attacker with an unrestricted app_cred for project A can create an...

8CVSS5.8AI score0.00404EPSS

Exploits1References3Affected Software1

CNNVD•added 2026/05/01 12:0 a.m.•6 views

OpenStack Keystone 安全漏洞

OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Security vulnerabilities exist in OpenStack Keystone versions 13 to 29. These vulnerabilities stem from the lack of verification of the projectid provided by the caller in the POST /v3/credentials...

8CVSS5.8AI score0.00404EPSS

Exploits1References4

Positive Technologies•added 2026/05/01 12:0 a.m.•4 views

PT-2026-36306

Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions 13 through 29 Description An issue exists where the 'POST /v3/credentials' endpoint fails to validate that the project id provided by the caller for an EC2-type credential matches the project of the authenticating...

8CVSS5.8AI score0.00404EPSS

Exploits1References25

Vulnrichment•added 2026/05/01 12:0 a.m.•3 views

CVE-2026-43001

7.9CVSS5.8AI score0.00404EPSS

Exploits1References3

ATTACKERKB•added 2026/05/01 12:0 a.m.•6 views

CVE-2026-43001

8.5CVSS5.8AI score0.00404EPSS

Exploits1References4Affected Software1

EUVD•added 2026/05/01 12:0 a.m.•5 views

EUVD-2026-26488

7.9CVSS5.8AI score0.00404EPSS

Exploits1References2

Debian CVE•added 2026/05/01 12:0 a.m.•6 views

CVE-2026-43001

8CVSS5.8AI score0.00404EPSS

Exploits1

RedhatCVE•added 2026/04/16 3:32 p.m.•2 views

CVE-2026-40683

A flaw was found in OpenStack Keystone. When using the LDAP identity backend, the system incorrectly processes the user enabled attribute if the userenabledinvert configuration option is set to False. This error causes users marked as disabled in LDAP to be treated as enabled within Keystone,...

7.7CVSS5.7AI score0.00308EPSS

Exploits0References7

Tenable Nessus•added 2026/04/15 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-40683

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the userenabledinvert configuration...

7.7CVSS5.4AI score0.00308EPSS

Exploits0References2

EUVD•added 2026/04/14 9:31 p.m.•3 views

EUVD-2026-22701

In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the userenabledinvert configuration option is False the default. The ldaprestomodel method in the UserApi class only performed string-to-boolean conversion when...

7.7CVSS5.8AI score0.00308EPSS

Exploits0References5

vulnersOsv•added 2026/04/14 9:31 p.m.•2 views

a10-octavia (>=1.0.0 <=2.2.0) potentially affected by CVE-2026-40683 via keystone (>=15.0.1 <=18.0.0)

keystone PYPI version =15.0.1, =1.0.0, =2.2.0 Source cves: CVE-2026-40683 Source advisory: OSV:GHSA-PFX2-9X9M-7GHX...

7.7CVSS5.8AI score0.00308EPSS

Exploits0

Snyk•added 2026/04/14 9:31 p.m.•3 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview keystone is a package that provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via the...

7.7CVSS5.7AI score0.00308EPSS

Exploits0References2

Github Security Blog•added 2026/04/14 9:31 p.m.•5 views

OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean

7.7CVSS5.8AI score0.00308EPSS

Exploits0References6Affected Software1

OSV•added 2026/04/14 9:31 p.m.•2 views

GHSA-PFX2-9X9M-7GHX OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean

7.7CVSS5.8AI score0.00308EPSS

Exploits0References6

Rows per page