Lucene search
K

5 matches found

EUVD
EUVD
added 2026/05/08 3:31 p.m.24 views

EUVD-2025-209740

The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and has access to specific APIs can list backups from any account in the environment...

6.5CVSS5.8AI score0.00486EPSS
Exploits0References2
NVD
NVD
added 2026/05/08 1:16 p.m.15 views

CVE-2025-66172

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can restore a volume from any other user's backups and...

8.1CVSS0.00512EPSS
Exploits0References2
CVE
CVE
added 2026/05/08 12:22 p.m.31 views

CVE-2026-25199

The CVE describes a vulnerability in the Proxmox extension for Apache CloudStack (affecting 4.21.0.0–4.22.0.0) where the user-editable proxmox_vmid setting is not validated against tenant ownership. An unauthenticated attacker can modify proxmox_vmid to reference a VM owned by another account, gr...

9.1CVSS5.8AI score0.005EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.18 views

PT-2026-38913

Name of the Vulnerable Software and Affected Versions CloudStack Backup plugin versions 4.21.0.0 through 4.22.0.0 Description The CloudStack Backup plugin contains improper authorization logic. Authenticated users in environments where this plugin is enabled can list backups from any account in t...

6.5CVSS5.8AI score0.00486EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/12/20 12:0 a.m.5 views

CVE-2024-37758

Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu of Digiteam v4.21.0.0 allows authenticated attackers to escalate privileges...

7AI score0.00341EPSS
Exploits0References1
Rows per page
Query Builder