CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

155 matches found

EUVD•added 2026/02/27 6:31 a.m.•9 views

EUVD-2026-8999

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

9.1CVSS5.9AI score0.00763EPSS

Exploits2References3

Github Security Blog•added 2026/02/27 6:31 a.m.•9 views

OpenStack Vitrage: Unauthorized Access to the Host can Lead to Eval Injection

9.1CVSS6.3AI score0.00763EPSS

Exploits2References6Affected Software1

NVD•added 2026/02/27 5:18 a.m.•8 views

CVE-2026-28370

9.1CVSS0.00763EPSS

Exploits2References3

OSV•added 2026/02/27 5:18 a.m.•4 views

CVE-2026-28370

9.1CVSS6.3AI score

Exploits0References3

OSV•added 2026/02/27 5:18 a.m.•3 views

UBUNTU-CVE-2026-28370

9.1CVSS7.7AI score0.00763EPSS

Exploits2References4

Vulnrichment•added 2026/02/27 4:56 a.m.•4 views

CVE-2026-28370

9.1CVSS6.4AI score0.00763EPSS

Exploits2References2

ATTACKERKB•added 2026/02/27 4:56 a.m.•4 views

CVE-2026-28370

9.1CVSS7.6AI score0.00763EPSS

Exploits2References3Affected Software1

Cvelist•added 2026/02/27 4:56 a.m.•24 views

CVE-2026-28370

9.1CVSS0.00763EPSS

Exploits2References2

CVE•added 2026/02/27 4:56 a.m.•30 views

CVE-2026-28370

OpenStack Vitrage suffers a remote code execution risk in the query parser. In versions prior to 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user with API access can trigger code execution on the Vitrage service host as the service user through the _create_query_function path in vitrage/graph/query.py....

9.1CVSS6AI score0.00763EPSS

Exploits2References3Affected Software1

Debian CVE•added 2026/02/27 4:56 a.m.•7 views

CVE-2026-28370

9.1CVSS8.7AI score0.00763EPSS

Exploits2

UbuntuCve•added 2026/02/27 12:0 a.m.•3 views

CVE-2026-28370

9.1CVSS7.2AI score0.00763EPSS

Exploits2References3

CNNVD•added 2026/02/27 12:0 a.m.•6 views

OpenStack Vitrage 安全漏洞

OpenStack Vitrage is an analysis engine developed under the open-source OpenStack framework. Vulnerabilities exist in versions of OpenStack Vitrage prior to 12.0.1, 13.0.0, 14.0.0, and 15.0.0. These vulnerabilities stem from defects in the query parser, which may lead to code execution...

9.1CVSS7.4AI score0.00763EPSS

Exploits2References3

Tenable Nessus•added 2026/02/10 12:0 a.m.•3 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: pcs (UTSA-2026-005328)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005328 advisory. Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its paramslimit only for parameters separated by &, while still...

7.5CVSS5.5AI score0.00535EPSS

Exploits0References4

Snyk•added 2026/01/28 4:33 p.m.•3 views

Malicious Package

Overview another-query-parser is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score

Exploits0References2

AstraLinux•added 2026/01/13 2:1 p.m.•6 views

Astra Linux – Vulnerability in Ruby-Rack

Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforced its paramslimit only for parameters separated by &, while still splitting on both & and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters...

7.5CVSS5.8AI score0.00535EPSS

Exploits0References3

Tenable Nessus•added 2026/01/13 12:0 a.m.•7 views

MiracleLinux 9 : pcs-0.11.9-2.el9_6.2.ML.1 (AXSA:2025-11083:07)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11083:07 advisory. rubygem-rack: Rack QueryParser has an unsafe default allowing paramslimit bypass via semicolon- separated parameters CVE-2025-59830 rack: Rack's...

7.5CVSS7.3AI score0.00848EPSS

Exploits0References6

Tenable Nessus•added 2026/01/13 12:0 a.m.•7 views

MiracleLinux 8 : pcs-0.10.18-2.el8_10.5.ML.1 (AXSA:2025-10529:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10529:04 advisory. rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser CVE-2025-46727 tornado: Tornado Multipart Form-Data Denial of Service CVE-2025-47287...

7.5CVSS6.9AI score0.00911EPSS

Exploits0References3

Mageia•added 2025/12/29 8:41 p.m.•19 views

Updated ruby-rack packages fix security vulnerabilities

Unbounded-Parameter DoS in Rack::QueryParser. CVE-2025-46727 ReDoS Vulnerability in Rack::Multipart handlemimehead. CVE-2025-49007 Rack QueryParser has an unsafe default allowing paramslimit bypass via semicolon-separated parameters. CVE-2025-59830 Rack's unbounded multipart preamble buffering...

8.7CVSS6.9AI score0.00911EPSS

Exploits0References2

OSV•added 2025/12/29 8:41 p.m.•4 views

MGASA-2025-0334 Updated ruby-rack packages fix security vulnerabilities

8.7CVSS6.8AI score0.00911EPSS

Exploits0References3

Tenable Nessus•added 2025/12/15 12:0 a.m.•4 views

RHEL 9 : pcs (RHSA-2025:19512)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:19512 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Rack...

7.5CVSS7.3AI score0.00848EPSS

Exploits0References12

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by