CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7711 matches found

OSV•added 2026/04/22 6:4 p.m.•2 views

USN-8199-1 glance vulnerabilities

Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker could possibly use this issue to exfiltrate sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2024-32498 Hyeongeun Ji and Abhishek Keka...

6.5CVSS5.8AI score0.00214EPSS

Exploits1References3

RedhatCVE•added 2026/04/16 3:32 p.m.•1 views

CVE-2026-40683

A flaw was found in OpenStack Keystone. When using the LDAP identity backend, the system incorrectly processes the user enabled attribute if the userenabledinvert configuration option is set to False. This error causes users marked as disabled in LDAP to be treated as enabled within Keystone,...

7.7CVSS5.7AI score0.00025EPSS

Exploits0References7

Tenable Nessus•added 2026/04/15 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-40683

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the userenabledinvert configuration...

7.7CVSS5.8AI score0.00025EPSS

Exploits0References3

Snyk•added 2026/04/14 9:31 p.m.•2 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview keystone is a package that provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via the...

7.7CVSS5.7AI score0.00025EPSS

Exploits0References2

Github Security Blog•added 2026/04/14 9:31 p.m.•5 views

OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean

In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the userenabledinvert configuration option is False the default. The ldaprestomodel method in the UserApi class only performed string-to-boolean conversion when...

7.7CVSS5.8AI score0.00025EPSS

Exploits0References6Affected Software1

EUVD•added 2026/04/14 9:31 p.m.•0 views

EUVD-2026-22701

7.7CVSS5.8AI score0.00025EPSS

Exploits0References5

OSV•added 2026/04/14 8:16 p.m.•2 views

DEBIAN-CVE-2026-40683

7.7CVSS5.3AI score0.00025EPSS

Exploits0References1

UbuntuCve•added 2026/04/14 8:16 p.m.•0 views

CVE-2026-40683

7.7CVSS5.8AI score0.00025EPSS

Exploits0References5

OSV•added 2026/04/14 8:16 p.m.•3 views

UBUNTU-CVE-2026-40683

7.7CVSS5.8AI score0.00025EPSS

Exploits0References6

ATTACKERKB•added 2026/04/14 8:5 p.m.•1 views

CVE-2026-40683

7.7CVSS5.8AI score0.00025EPSS

Exploits0References5Affected Software1

Cvelist•added 2026/04/14 8:5 p.m.•21 views

CVE-2026-40683

7.7CVSS0.00025EPSS

Exploits0References4

CVE•added 2026/04/14 8:5 p.m.•6 views

CVE-2026-40683

Keystone (OpenStack) LDAP identity backend vulnerability CVE-2026-40683: before 28.0.1, the user_enabled_invert setting is not applied when False, causing non-empty string values like 'FALSE' to be treated as enabled; this permits authentication and actions for users disabled in LDAP. All deploym...

7.7CVSS5.8AI score0.00025EPSS

Exploits0References4

Positive Technologies•added 2026/04/14 12:0 a.m.•3 views

PT-2026-32909

In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user enabled invert configuration option is False the default. The ldap res to model method in the UserApi class only performed string-to-boolean conversion when user...

7.7CVSS5.8AI score0.00025EPSS

Exploits0References7

CNNVD•added 2026/04/14 12:0 a.m.•1 views

OpenStack Keystone 安全漏洞

OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Versions of OpenStack Keystone prior to 28.0.1 had security vulnerabilities. These vulnerabilities stemmed from the fact that the LDAP identity backend did not convert user enablement properties in...

7.7CVSS5.8AI score0.00025EPSS

Exploits0References4

RedhatCVE•added 2026/04/13 7:37 p.m.•3 views

CVE-2026-33551

A flaw was found in OpenStack Keystone. An authenticated user with a reader role can exploit a vulnerability in the EC2 credential creation endpoint. By using a restricted application credential to call the EC2 credential creation API, the user may obtain EC2/S3 credentials that carry the full se...

3.5CVSS5.8AI score0.00033EPSS

Exploits1References6

EUVD•added 2026/04/10 9:31 a.m.•1 views

EUVD-2026-21332

OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting XSS vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs...

5.4CVSS5.8AI score0.00012EPSS

Exploits0References4

NVD•added 2026/04/10 8:16 a.m.•2 views

CVE-2026-40212

5.4CVSS0.00012EPSS

Exploits0References4

OSV•added 2026/04/10 3:31 a.m.•2 views

GHSA-4PHW-6824-6CFP OpenStack Keystone: Restricted application credentials can create EC2 credentials

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

3.5CVSS5.8AI score0.00033EPSS

Exploits1References5

Github Security Blog•added 2026/04/10 3:31 a.m.•5 views

OpenStack Keystone: Restricted application credentials can create EC2 credentials

5.3CVSS5.9AI score0.00033EPSS

Exploits1References5Affected Software1

OSV•added 2026/04/10 3:16 a.m.•2 views

DEBIAN-CVE-2026-33551

3.5CVSS5.4AI score0.00033EPSS

Exploits1References1

Rows per page