CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/08 12:31 a.m.•2 views

GHSA-MM7J-MHHJ-HJ36 OpenStack Cyborg uses rule:allow (check_str='@') as the default policy for multiple API endpoints

OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

Github Security Blog•added 2026/05/08 12:31 a.m.•3 views

Exploits0References5

OpenStack Cyborg uses rule:allow (check_str='@') as the default policy for multiple API endpoints

Exploits0References5Affected Software1

EUVD•added 2026/05/08 12:31 a.m.•2 views

EUVD-2026-28455

OSV•added 2026/05/07 10:16 p.m.•1 views

DEBIAN-CVE-2026-40213

UbuntuCve•added 2026/05/07 10:16 p.m.•1 views

Exploits0References1

CVE-2026-40213

7.4CVSS5.8AI score0.00038EPSS

Exploits0References4

OSV•added 2026/05/07 10:16 p.m.•4 views

UBUNTU-CVE-2026-40213

SUSE CVE•added 2026/05/07 2:19 a.m.•3 views

Exploits0References5

SUSE CVE-2026-43008

In the Linux kernel, the following vulnerability has been resolved: gpio: qixis-fpga: Fix error handling for devmregmapinitmmio devmregmapinitmmio returns an ERRPTR on failure, not NULL. The original code checked for NULL which would never trigger on error, potentially leading to an invalid point...

5.8AI score0.00017EPSS

Cvelist•added 2026/05/07 12:0 a.m.•21 views

CVE-2026-40213

7.4CVSS0.00038EPSS

Debian CVE•added 2026/05/07 12:0 a.m.•3 views

CVE-2026-40213

ATTACKERKB•added 2026/05/07 12:0 a.m.•2 views

Exploits0

CVE-2026-40213

Exploits0References3Affected Software1

CVE•added 2026/05/07 12:0 a.m.•6 views

CVE-2026-40213

OpenStack Cyborg before 16.0.1 is affected by CVE-2026-40213. The issue arises from a default policy rule (rule:allow with check_str='@') applied to multiple API endpoints, which unconditionally authorizes any request bearing a valid Keystone token regardless of user roles, project membership, or...

Positive Technologies•added 2026/05/07 12:0 a.m.•5 views

PT-2026-38596

OpenStack Cyborg before 16.0.1 uses rule:allow check str='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can comple...

Vulnrichment•added 2026/05/07 12:0 a.m.•4 views

Exploits0References5

CVE-2026-40213

Tenable Nessus•added 2026/05/05 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2026-43008

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: gpio: qixis-fpga: Fix error handling for devmregmapinitmmio devmregmapinitmmio returns an...

5.5CVSS5.8AI score0.00017EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: fpga: manager: Added a module owner field and used its pointer to count the reference count of the module. The current implementation of the fpgamanager assumes that the low-level module registers a driver for the parent devic...

5.5CVSS6.2AI score0.00028EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: fpga: region: add owner module and take its refcount The current implementation of the fpga region assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's refcoun...

5.5CVSS6AI score0.0003EPSS