Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7798 matches found

Positive Technologies
Positive Technologiesadded 2026/06/04 12:0 a.m.16 views

PT-2026-46137

Name of the Vulnerable Software and Affected Versions OpenStack Mistral versions prior to 22.0.0 Description An issue exists where a policy enforcement bypass allows arbitrary remote code execution when the API is exposed. Specific API endpoints do not properly validate user-supplied inputs,...

9.9CVSS6.5AI score0.00628EPSS
Exploits0References20
ATTACKERKB
ATTACKERKBadded 2026/06/04 12:0 a.m.4 views

CVE-2026-48681

OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image...

5.9CVSS5.8AI score0.00625EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/06/04 12:0 a.m.8 views

CVE-2026-41283

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials...

9.9CVSS5.9AI score0.00628EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/06/04 12:0 a.m.5 views

CVE-2026-44917

OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxetemplate...

4.9CVSS5.8AI score0.00295EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/06/04 12:0 a.m.7 views

CVE-2026-41283

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials...

9.9CVSS5.9AI score0.00628EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/06/04 12:0 a.m.7 views

CVE-2026-44917

OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxetemplate...

4.9CVSS5.8AI score0.00295EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/06/04 12:0 a.m.32 views

CVE-2026-44393

An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When sslcafile is configured, the driver enables certificate chain validation but does not pass the expect...

0.00133EPSS
Exploits0References2
EUVD
EUVDadded 2026/06/04 12:0 a.m.9 views

EUVD-2026-34294

An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When sslcafile is configured, the driver enables certificate chain validation but does not pass the expect...

7.4CVSS5.8AI score0.00133EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/06/04 12:0 a.m.11 views

PT-2026-46260

Name of the Vulnerable Software and Affected Versions oslo.messaging versions 1.0.0 through 17.3.0 Description The RabbitMQ driver in oslo.messaging fails to perform TLS hostname verification when connecting to the message broker. While the driver enables certificate chain validation when ssl ca...

7.4CVSS5.5AI score0.00133EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/06/04 12:0 a.m.5 views

CVE-2026-44393

An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When sslcafile is configured, the driver enables certificate chain validation but does not pass the expect...

7.4CVSS5.8AI score0.00133EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/06/04 12:0 a.m.11 views

PT-2026-46270

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set device owner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECT MANAGER witho...

2.2CVSS5.8AI score0.00262EPSS
Exploits0References9
CNNVD
CNNVDadded 2026/06/04 12:0 a.m.2 views

OpenStack oslo.messaging 安全漏洞

OpenStack oslo.messaging is an open-source messaging library for OpenStack. There are security vulnerabilities in the version of OpenStack oslo.messaging from 1.0.0 to 17.3.0. These vulnerabilities stem from the fact that the RabbitMQ driver does not perform TLS hostname verification. Any...

7.4CVSS5.3AI score0.00133EPSS
Exploits0References2
CVE
CVEadded 2026/06/04 12:0 a.m.13 views

CVE-2026-48681

OpenStack Ironic versions before 35.0.2 are affected by a vulnerability that allows file overwrite via directory traversal during deployment when processing a crafted ISO image. The issue concerns the deployment phase’s handling of ISO content, enabling unintended filesystem writes. Public source...

8.1CVSS5.8AI score0.00625EPSS
Exploits0References3Affected Software1
EUVD
EUVDadded 2026/06/04 12:0 a.m.11 views

EUVD-2026-34201

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials...

9.9CVSS5.9AI score0.00628EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/06/04 12:0 a.m.32 views

CVE-2026-48681

OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image...

5.9CVSS0.00625EPSS
Exploits0References2
CVE
CVEadded 2026/06/04 12:0 a.m.15 views

CVE-2026-44393

Summary: OpenStack oslo.messaging (RabbitMQ driver) versions 1.0.0–17.3.0 fail TLS hostname verification when connecting to the broker. The driver validates certificate chains when ssl_ca_file is configured but does not pass the broker hostname into the TLS stack, allowing any certificate signed ...

7.4CVSS5.8AI score0.00133EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2026/06/04 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-44393

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when...

7.4CVSS5.5AI score0.00133EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/06/04 12:0 a.m.10 views

PT-2026-46840

Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions 32 through 35.0.1 Description An unauthenticated malicious user can cause a service crash by submitting a crafted JSON string to certain endpoints on the API or JSON-RPC service. Recommendations Update OpenStack Ironi...

7.5CVSS5.5AI score0.00324EPSS
Exploits0References14
NVD
NVDadded 2026/06/03 10:16 p.m.11 views

CVE-2026-46447

OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driverinfo or node.instanceinfo...

7.7CVSS0.00272EPSS
Exploits0References4
CVE
CVEadded 2026/06/03 12:0 a.m.15 views

CVE-2026-46447

OpenStack Ironic

7.7CVSS5.8AI score0.00272EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder