1543 matches found
Keystone 6 Login Page - Open Redirect and Cross-Site Scripting
On the login page, there is a "from=" parameter in the URL that is vulnerable to open redirect and can be escalated to reflected XSS. id: CVE-2022-0087 info: name: Keystone 6 Login Page - Open Redirect and Cross-Site Scripting author: ShivanshKhari severity: medium description: | On the login page,...
CVE-2026-48524 vulnerabilities
Vulnerabilities for packages: superset-fips, openstack-placement-2026.1-fips, datadog-agent, openstack-horizon-2025.2-fips, datadog-agent-fips, openstack-glance-2025.2-fips, openstack-horizon-2025.1, openstack-glance-2025.1-fips, openstack-glance-2026.1, openstack-glance-2025.1,...
CVE-2026-48525 vulnerabilities
Vulnerabilities for packages: superset-fips, openstack-placement-2026.1-fips, datadog-agent, openstack-horizon-2025.2-fips, datadog-agent-fips, openstack-glance-2025.2-fips, openstack-horizon-2025.1, openstack-glance-2025.1-fips, openstack-glance-2026.1, openstack-glance-2025.1,...
CVE-2026-48526 vulnerabilities
Vulnerabilities for packages: superset-fips, openstack-placement-2026.1-fips, datadog-agent, openstack-horizon-2025.2-fips, datadog-agent-fips, openstack-glance-2025.2-fips, openstack-horizon-2025.1, openstack-glance-2025.1-fips, openstack-glance-2026.1, openstack-glance-2025.1,...
CVE-2026-48523 vulnerabilities
Vulnerabilities for packages: superset-fips, openstack-placement-2026.1-fips, datadog-agent, openstack-horizon-2025.2-fips, datadog-agent-fips, openstack-glance-2025.2-fips, openstack-horizon-2025.1, openstack-glance-2025.1-fips, openstack-glance-2026.1, openstack-glance-2025.1,...
GHSA-FHV5-28VV-H8M8 vulnerabilities
Vulnerabilities for packages: superset-fips, openstack-placement-2026.1-fips, datadog-agent, openstack-horizon-2025.2-fips, datadog-agent-fips, openstack-glance-2025.2-fips, openstack-horizon-2025.1, openstack-glance-2025.1-fips, openstack-glance-2026.1, openstack-glance-2025.1,...
GHSA-XGMM-8J9V-C9WX vulnerabilities
Vulnerabilities for packages: superset-fips, openstack-placement-2026.1-fips, datadog-agent, openstack-horizon-2025.2-fips, datadog-agent-fips, openstack-glance-2025.2-fips, openstack-horizon-2025.1, openstack-glance-2025.1-fips, openstack-glance-2026.1, openstack-glance-2025.1,...
GHSA-JQ35-7PRP-9V3F vulnerabilities
Vulnerabilities for packages: superset-fips, openstack-placement-2026.1-fips, datadog-agent, openstack-horizon-2025.2-fips, datadog-agent-fips, openstack-glance-2025.2-fips, openstack-horizon-2025.1, openstack-glance-2025.1-fips, openstack-glance-2026.1, openstack-glance-2025.1,...
GHSA-W7VC-732C-9M39 vulnerabilities
Vulnerabilities for packages: superset-fips, openstack-placement-2026.1-fips, datadog-agent, openstack-horizon-2025.2-fips, datadog-agent-fips, openstack-glance-2025.2-fips, openstack-horizon-2025.1, openstack-glance-2025.1-fips, openstack-glance-2026.1, openstack-glance-2025.1,...
CVE-2026-48522 vulnerabilities
Vulnerabilities for packages: superset-fips, openstack-placement-2026.1-fips, datadog-agent, openstack-horizon-2025.2-fips, datadog-agent-fips, openstack-glance-2025.2-fips, openstack-horizon-2025.1, openstack-glance-2025.1-fips, openstack-glance-2026.1, openstack-glance-2025.1,...
GHSA-993G-76C3-P5M4 vulnerabilities
Vulnerabilities for packages: superset-fips, openstack-placement-2026.1-fips, datadog-agent, openstack-horizon-2025.2-fips, datadog-agent-fips, openstack-glance-2025.2-fips, openstack-horizon-2025.1, openstack-glance-2025.1-fips, openstack-glance-2026.1, openstack-glance-2025.1,...
Virtuozzo Infrastructure 7.3 Update 1 Hotfix 1 (7.3.1-60)
This update provides security and stability fixes. Vulnerability id: VSTOR-123887 Stale S3 lifecycle timestamps could cause objects to expire at incorrect times. Vulnerability id: VSTOR-127098 The Keystone service could fail to restart after log rotation. Vulnerability id: VSTOR-129336 A stabilit...
[SECURITY] [DSA 6331-1] keystone security update
Debian Security Advisory DSA-6331-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 08, 2026 https://www.debian.org/security/faq ...
Debian dsa-6331 : keystone - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6331 advisory. Debian Security Advisory DSA-6331-1 [email protected]...
CVE-2026-40213
OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...
@beemstream/keystone-document-gallery (>=2.0.0 <=2.0.6), @k6js/admin-ui (>=0.3.0-20250618-02 <=0.4.7) +19 more potentially affected by CVE-2026-10802 via @keystone-6/core (>=1.1.1 <=6.5.2)
@keystone-6/core NPM version =1.1.1, =2.0.0, =0.3.0-20250618-02, =1.0.17, =1.0.19, =0.0.1, =2.1.0, =2.1.0-beta.0, =0.0.1-alpha.1, =1.0.0, =6.0.21, =1.0.0, =1.0.3, =1.0.12 and more Source cves: CVE-2026-10802 Source advisory: SNYK:JS-KEYSTONE6CORE-17179719...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the GraphQL API Endpoint that lacks depth limiting and complexity analysis for SQL queries. An attacker can cause excessive resource consumption by sending specially crafted reques...
CVE-2026-10802
The CVE-2026-10802 impact is in keystonejs keystone’s GraphQL API Endpoint, specifically in packages/core/src/lib/core/queries/output-field.ts. The vulnerability arises from a manipulation that causes resource consumption and can be exploited remotely. Public exploitation is reported, and a fix i...
CVE-2026-44394
A flaw was found in OpenStack Keystone. The federated token rescoping mechanism does not correctly propagate the original token's expiry to newly issued tokens. This allows a federated user to repeatedly rescope a token before it expires, effectively maintaining indefinite access and bypassing...
CVE-2026-42998
A flaw was found in OpenStack Keystone. The application credential authentication plugin fails to verify if the user provided in an authentication request matches the owner of the application credential. This allows a remote attacker to authenticate with their own credentials while impersonating...