3103 matches found

OSV | added 2026/04/14 9:31 p.m. | 2 views

GHSA-PFX2-9X9M-7GHX OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean

In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi class only performed string-to-boolean conversion when...

CVSS 7.7 | AI score 5.8 | EPSS 0.00308
Exploits 0 | References 6
Snyk | added 2026/04/14 9:31 p.m. | 3 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview: keystone is a package that provides authentication, authorization and service discovery mechanisms via HTTP, primarily for use by projects in the OpenStack family. Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion') via the...

CVSS 7.7 | AI score 5.7 | EPSS 0.00308
Exploits 0 | References 2
NVD | added 2026/04/14 8:16 p.m. | 2 views

CVE-2026-40683

In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi class only performed string-to-boolean conversion when...

CVSS 7.7 | EPSS 0.00308
Exploits 0 | References 4
OSV | added 2026/04/14 8:16 p.m. | 2 views

DEBIAN-CVE-2026-40683

In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi class only performed string-to-boolean conversion when...

CVSS 7.7 | AI score 5.3 | EPSS 0.00308
Exploits 0 | References 1
OSV | added 2026/04/14 8:16 p.m. | 4 views

UBUNTU-CVE-2026-40683

In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi class only performed string-to-boolean conversion when...

CVSS 7.7 | AI score 5.8 | EPSS 0.00308
Exploits 0 | References 7
Cvelist | added 2026/04/14 8:05 p.m. | 22 views

CVE-2026-40683

In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi class only performed string-to-boolean conversion when...

CVSS 7.7 | EPSS 0.00308
Exploits 0 | References 4
CVE | added 2026/04/14 8:05 p.m. | 9 views

CVE-2026-40683

Keystone (OpenStack) LDAP identity backend vulnerability CVE-2026-40683: before 28.0.1, the user_enabled_invert setting is not applied when False, causing non-empty string values like 'FALSE' to be treated as enabled; this permits authentication and actions for users disabled in LDAP. All deploym...

CVSS 7.7 | AI score 5.8 | EPSS 0.00308
Exploits 0 | References 4
ATTACKERKB | added 2026/04/14 8:05 p.m. | 2 views

CVE-2026-40683

In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi class only performed string-to-boolean conversion when...

CVSS 7.7 | AI score 5.8 | EPSS 0.00308
Exploits 0 | References 5 | Affected Software 1
Vulnrichment | added 2026/04/14 8:05 p.m. | 3 views

CVE-2026-40683

In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi class only performed string-to-boolean conversion when...

CVSS 7.7 | AI score 5.8 | EPSS 0.00308
Exploits 0 | References 4
Debian CVE | added 2026/04/14 8:05 p.m. | 3 views

CVE-2026-40683

In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi class only performed string-to-boolean conversion when...

CVSS 7.7 | AI score 5.3 | EPSS 0.00308
Exploits 0
OSV | added 2026/04/14 8:02 p.m. | 1 view

GHSA-M5QG-JC75-4JP6 October Rain has a Twig Sandbox Bypass via Collection Methods

A sandbox bypass vulnerability was identified in the optional Twig safe mode feature (CMS_SAFE_MODE). Certain methods on the collect helper were not properly restricted, allowing authenticated users with template editing permissions to bypass sandbox protections. Impact - Bypass of Twig sandbox...

CVSS 4.9 | AI score 5.8 | EPSS 0.00395
Exploits 2 | References 3
Snyk | added 2026/04/14 3:30 p.m. | 5 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in select-organization.ftl - shown on the organization selection login page - since the organization.alias value is inserted into an inline JavaScript onclick handler. A user with manage-realm or...

CVSS 6.9 | AI score 5.9 | EPSS 0.00226
Exploits 0 | References 2
Cvelist | added 2026/04/14 8:40 a.m. | 22 views

CVE-2026-33892

A vulnerability has been identified in Industrial Edge Management Pro V1 All versions = V1.7.6 = V2.0.0 = V2.2.0 V2.8.0. Affected management systems do not properly enforce user authentication on remote connections to devices. This could facilitate an unauthenticated remote attacker to circumvent...

CVSS 7.1 | EPSS 0.00209
Exploits 0 | References 1
EUVD | added 2026/04/14 8:40 a.m. | 1 view

EUVD-2026-22242

A vulnerability has been identified in Industrial Edge Management Pro V1 All versions = V1.7.6 = V2.0.0 = V2.2.0 V2.8.0. Affected management systems do not properly enforce user authentication on remote connections to devices. This could facilitate an unauthenticated remote attacker to circumvent...

CVSS 7.1 | AI score 5.8 | EPSS 0.00209
Exploits 0 | References 1
ATTACKERKB | added 2026/04/14 8:40 a.m. | 0 views

CVE-2026-33892

A vulnerability has been identified in Industrial Edge Management Pro V1 All versions = V1.7.6 = V2.0.0 = V2.2.0 V2.8.0. Affected management systems do not properly enforce user authentication on remote connections to devices. This could facilitate an unauthenticated remote attacker to circumvent...

CVSS 7.1 | AI score 5.8 | EPSS 0.00209
Exploits 0 | References 2 | Affected Software 3
Positive Technologies | added 2026/04/14 12:00 a.m. | 3 views

PT-2026-32909

Name of the Vulnerable Software and Affected Versions: OpenStack Keystone versions prior to 28.0.1. Description: The LDAP identity backend fails to convert the user enabled attribute to a boolean value when the user_enabled_invert configuration option is set to False. Specifically, the ldap res to...

CVSS 7.7 | AI score 5.2 | EPSS 0.00308
Exploits 0 | References 15
CVE | added 2026/04/10 3:10 p.m. | 5 views

CVE-2026-40223

Affected software: systemd, versions 258 prior to 260. Vulnerability: local unprivileged user can trigger an assertion if a Delegate=yes and User= unit exists and is running. Root cause: assertion path in systemd when the unit condition is met. Impact: results in an assertion (denial of service v...

CVSS 5.5 | AI score 5.8 | EPSS 0.00086
Exploits 0 | References 1 | Affected Software 1
EUVD | added 2026/04/10 3:31 a.m. | 3 views

EUVD-2026-21270

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument telnetenabled results in os command injection. The attack is possible ...

CVSS 10 | AI score 6.9 | EPSS 0.01803
Exploits 0 | References 6
NVD | added 2026/04/10 1:16 a.m. | 3 views

CVE-2026-5994

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument telnetenabled results in os command injection. The attack is possible ...

CVSS 10 | EPSS 0.01803
Exploits 0 | References 5
ATTACKERKB | added 2026/04/10 12:30 a.m. | 1 view

CVE-2026-5994

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument telnetenabled results in os command injection. The attack is possible ...

CVSS 10 | AI score 6.9 | EPSS 0.01803
Exploits 0 | References 5 | Affected Software 1