Lucene search
K

3821 matches found

OSV
OSV
added 2026/04/10 3:16 a.m.10 views

PYSEC-2026-202

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

5.3CVSS5.5AI score0.0022EPSS
Exploits1References4
OSV
OSV
added 2026/04/10 3:16 a.m.3 views

DEBIAN-CVE-2026-33551

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

5.3CVSS5.4AI score0.0022EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/10 12:0 a.m.3 views

CVE-2026-33551

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

3.5CVSS5.9AI score0.0022EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.10 views

PT-2026-31855

Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0 Description A flaw exists in OpenStack Keystone where restricted application credentials can be used to create EC2 credentials. An authenticated user with a...

5.3CVSS5.8AI score0.0022EPSS
Exploits1References20
EUVD
EUVD
added 2026/04/10 12:0 a.m.4 views

EUVD-2026-21278

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

3.5CVSS5.9AI score0.0022EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.8 views

OpenStack Keystone 安全漏洞

OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Versions prior to 26.1.1, as well as versions 27.0.0, 28.0.0, and 29.0.0 of OpenStack Keystone contain security vulnerabilities. These vulnerabilities stem from the ability for restricted applicati...

3.5CVSS5.8AI score0.0022EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/10 12:0 a.m.6 views

CVE-2026-33551

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

3.5CVSS5.9AI score0.0022EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/04/10 12:0 a.m.45 views

CVE-2026-33551

OpenStack Keystone vulnerability CVE-2026-33551 allows an authenticated user with only a reader role to obtain EC2/S3 credentials via restricted application credentials when using the EC2/S3 compatibility API (swift3/s3api). Affected products/versions: Keystone 14 through 26 before 26.1.1, 27.0.0...

5.3CVSS5.9AI score0.0022EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2026/04/10 12:0 a.m.4 views

CVE-2026-33551

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

5.3CVSS5.4AI score0.0022EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.3 views

PT-2026-30747

Name of the Vulnerable Software and Affected Versions AWS Research and Engineering Studio RES versions 2024.10 through 2025.12.01 Description Improper input validation in the FileBrowser API within AWS Research and Engineering Studio RES could allow a remote authenticated attacker to execute...

8.8CVSS6.2AI score0.01087EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/04/03 11:2 p.m.3 views

CVE-2026-5418

A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. The...

7.5CVSS6.6AI score0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/02 6:30 p.m.28 views

CVE-2026-5418 appsmithorg appsmith Dashboard WebClientUtils.java computeDisallowedHosts server-side request forgery

A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. The...

7.5CVSS0.00303EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/02 6:30 p.m.1 views

CVE-2026-5418

A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. The...

7.5CVSS6.6AI score0.00303EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.7 views

Appsmith 代码问题漏洞

Appsmith is an open-source platform developed by Appsmith for building, deploying, and maintaining internal applications. Versions of Appsmith 1.97 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect operations in the computeDisallowedHosts function of the...

7.5CVSS7.2AI score0.00303EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.5 views

PT-2026-29873

A vulnerability was identified in appsmithorg appsmith up to 1.97. Impacted is the function computeDisallowedHosts of the file app/server/appsmith-interfaces/src/main/java/com/appsmith/util/WebClientUtils.java of the component Dashboard. Such manipulation leads to server-side request forgery. The...

7.5CVSS6.6AI score0.00303EPSS
Exploits0References7
NVD
NVD
added 2026/04/01 6:16 p.m.12 views

CVE-2026-34159

llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPHCOMPUTE messages. Combined...

9.8CVSS0.01126EPSS
Exploits2References3
EUVD
EUVD
added 2026/04/01 4:59 p.m.4 views

EUVD-2026-17975

llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPHCOMPUTE messages. Combined...

9.8CVSS6.2AI score0.01126EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2026/04/01 4:59 p.m.2 views

CVE-2026-34159 llama.cpp: Unauthenticated RCE via GRAPH_COMPUTE buffer=0 bypass in llama.cpp RPC backend

llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPHCOMPUTE messages. Combined...

9.8CVSS6.2AI score0.01126EPSS
Exploits2References3
CVE
CVE
added 2026/04/01 4:59 p.m.16 views

CVE-2026-34159

The CVE-2026-34159 entry for llama.cpp describes an unauthenticated RCE via the RPC backend: prior to v.b8492, deserialize_tensor() omits bounds validation when tensor.buffer == 0, enabling an attacker to read/write arbitrary process memory through crafted GRAPH_COMPUTE messages. Combined with AL...

9.8CVSS6.2AI score0.01126EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2026/04/01 4:59 p.m.23 views

CVE-2026-34159 llama.cpp: Unauthenticated RCE via GRAPH_COMPUTE buffer=0 bypass in llama.cpp RPC backend

llama.cpp is an inference of several LLM models in C/C++. Prior to version b8492, the RPC backend's deserializetensor skips all bounds validation when a tensor's buffer field is 0. An unauthenticated attacker can read and write arbitrary process memory via crafted GRAPHCOMPUTE messages. Combined...

9.8CVSS0.01126EPSS
Exploits2References3
Rows per page
Query Builder