CVE-2026-43002

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

EUVD-2026-27406

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

OpenStack Horizon has Incorrect Behavior Order

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

GHSA-VXVF-XVM3-P8J5 OpenStack Horizon has Incorrect Behavior Order

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

CVE-2026-43002

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

UBUNTU-CVE-2026-43002

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

CVE-2026-43002

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

PT-2026-37090

Name of the Vulnerable Software and Affected Versions OpenStack Horizon versions 25.6 through 25.7.2 Description A flaw exists in the login view where a post-login redirect URL is written to the server-side session storage before a user is authenticated. This allows unauthenticated requests to...

CVE-2026-43002

CVE-2026-43002 (OpenStack Horizon) affects Horizon 25.6 and 25.7 prior to 25.7.3. A write operation to the session storage backend occurs before authentication, allowing unauthenticated requests to exhaust storage. This is a regression of CVE-2014-8124. Impact: potential denial of service due to ...

OpenStack Horizon 安全漏洞

OpenStack Horizon is an OpenStack-based project built using Django. It aims to provide a complete OpenStack dashboard along with a scalable framework for building new dashboards from reusable components. Versions 25.6, 25.7, and prior to 25.7.3 of OpenStack Horizon contained security...

Linux Distros Unpatched Vulnerability : CVE-2026-43002

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and th...

CVE-2026-43002

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

CVE-2026-43002

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

EUVD-2020-0084

Malware in sbrugna...

EUVD-2022-2332

Malicious code in bioql PyPI...

OpenStack Horizon 输入验证错误漏洞

OpenStack Horizon is a Django-based project for OpenStack designed to provide complete OpenStack dashboards and an extensible framework for building new dashboards from reusable components. A security vulnerability exists in OpenStack Horizon versions 19.4.0 through 20.1.4 that stems from a...

SUSE CVE-2012-2144

Session fixation vulnerability in OpenStack Dashboard Horizon folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie...

SUSE CVE-2012-3540

Open redirect vulnerability in views/authforms.py in OpenStack Dashboard Horizon Essex 2012.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by...

SUSE CVE-2013-6858

Multiple cross-site scripting XSS vulnerabilities in OpenStack Dashboard Horizon 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to 1 "Volumes" or 2 "Network Topology" page...

SUSE CVE-2014-3475

Cross-site scripting XSS vulnerability in the Users panel admin/users/ in OpenStack Dashboard Horizon before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than...